| Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Please read the HijackThis Forum Policies first. |
| help with Autorun.inf !! virus

Hello friends, first of all thank you for the support you give the community; I'm sure you will keep growing! My problem started about a month ago: every time I plug in an MP3 player, a pendrive, or anything else, I get a message from Nod32 saying that a virus called autorun.inf has been found. I have watched the YouTube videos on how to delete these viruses, but the problem seems to be deeper than I thought. When I connect a new device that I am 100% sure was not infected at the university, etc., even with that one I am told it has the autorun.inf virus. So it seems to me that the virus is stuck on my PC and injects itself into an autorun.inf when the device is connected, which causes the virus message to appear. I ended up almost sure that the virus is on my PC, and I ran a scan with Nod and nothing showed up... so the only help I have is yours. I am posting the HijackThis info here to see if you can help me.

What's more, I just connected a device (pendrive) and got a Nod32 message about the autorun.inf virus and a small message on the right-hand side; they read as follows (these things appear every time I connect a device):

--------------------------------------------------------------------------------
5/24/2009 12:11:31 PM Real-time file system protection file C:\asfl853gin4nnaf.exe probably a variant of Win32/Injector.IZ trojan cleaned by deleting - quarantined FAMILY-4D78CF31\Family Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe.
--------------------------------------------------------------------------------
5/24/2009 12:13:33 PM Real-time file system protection file E:\autorun.inf INF/Autorun virus deleted FAMILY-4D78CF31\Family Event occurred on a file modified by the application: C:\WINDOWS\explorer.exe.
--------------------------------------------------------------------------------
5/24/2009 11:50:48 AM Real-time file system protection file C:\RECYCLER\S-1-5-21-329068152-839522115-1177238915-1004\Dc76.exe a variant of Win32/Injector.OV trojan cleaned by deleting - quarantined FAMILY-4D78CF31\Family Event occurred on a file modified by the application: C:\WINDOWS\explorer.exe.
--------------------------------------------------------------------------------
5/23/2009 1:01:38 PM HTTP filter file http://94.102.55.84/shit/crypted.exe probably a variant of Win32/Injector.IZ trojan connection terminated - quarantined FAMILY-4D78CF31\Family
--------------------------------------------------------------------------------
5/23/2009 12:52:34 PM Real-time file system protection file C:\System Volume Information\_restore{95521E4E-332B-4A6F-8FC5-B1385F8ED71F}\RP116\A0028132.exe a variant of Win32/Injector.OV trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe.
--------------------------------------------------------------------------------
5/23/2009 1:01:38 PM Real-time file system protection file C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\I4R3DD4N\crypted[1].exe probably a variant of Win32/Injector.IZ trojan cleaned by deleting - quarantined FAMILY-4D78CF31\Family Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe.
--------------------------------------------------------------------------------
5/23/2009 1:01:39 PM Real-time file system protection file C:\asfl8gfkbjjfrgggi4naf.exe probably a variant of Win32/Injector.IZ trojan cleaned by deleting - quarantined FAMILY-4D78CF31\Family Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe.
--------------------------------------------------------------------------------
5/23/2009 11:50:03 AM Real-time file system protection file E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe a variant of Win32/Injector.OV trojan cleaned by deleting - quarantined FAMILY-4D78CF31\Family Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe.
--------------------------------------------------------------------------------
5/23/2009 11:14:51 AM HTTP filter file http://www.likenoneother.org/shit/crypted.exe probably a variant of Win32/Injector.IZ trojan connection terminated - quarantined FAMILY-4D78CF31\Family
--------------------------------------------------------------------------------
5/23/2009 10:50:37 AM Startup scanner file C:\WINDOWS\winudpmgr.exe a variant of Win32/Injector.OV trojan cleaned by deleting - quarantined
--------------------------------------------------------------------------------
5/18/2009 3:27:17 AM Real-time file system protection file D:\Photoshop_Cs3_Portable_By_CriPeR\PS\plugins\Filters\Crystallize.8BF probably a variant of Win32/Agent trojan cleaned by deleting (after the next restart) - quarantined FAMILY-4D78CF31\Family Event occurred during an attempt to access the file by the application: C:\WINDOWS\explorer.exe.
--------------------------------------------------------------------------------

Well, what I pasted above, as you can see, is all the Nod32 logs of what it has detected every time I connect something. Below is the HijackThis logfile. I hope you can help me, because I can see it has gotten in really deep... thanks again

--------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:46 PM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://lovefm.miemasu.net:60002/kxhcm10.ocx
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://64.119.5.59/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239349582937
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.179.197.227/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{909D10E8-E756-4EA2-B0E9-FB7D36FFBB36}: NameServer = 194.90.1.5 212.143.212.143
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\wpa.dll
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5820 bytes
--------------------------------------------------------------------------------

Thanks!! |
| Re: help with Autorun.inf !! virus please!!! help me, friends... |
| Re: help with Autorun.inf !! virus HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |
| Can someone help me? I have been waiting for more than two weeks for someone to help me, and more and more things keep showing up related to this virus... someone recommended something called antivirus heal to me... is it any good? Please, whoever can help me, I would be grateful. |