post #1
Posted 21/08/09, 00:34:19
User

Joined: Apr 2008
Location: Venezuela
Posts: 21
Urgent help: Virus W32/Sality.Y (Closed/Formatted)

Hello friends of the forum, greetings to all of you. I need urgent help with my PC. Today I plugged my USB drive into the PC after having plugged it into another PC, and to my surprise it was infected with a virus. The one I saw repeated most often, and could do nothing to remove, was W32/Sality.Y. After this happened I tried to run several programs, such as Dr.Web and sometimes the antivirus itself, but nothing: they would not run or gave me an error. When I try to reboot into safe mode I get the famous blue screen, and sometimes when I am working on the PC normally I also get the blue screen, so I need help.


Another thing: I tried to run Panda ActiveScan but it gets stuck updating and does nothing else, it stays there for a long while, and I tried to use Kaspersky but that didn't work either. Could you help me? Sorry for the trouble.

Thanks in advance, I look forward to your reply.

Regards

P.S. I use Avira as my antivirus, and Spybot.

post #2
Posted 21/08/09, 00:50:38
Anleg_30
Warrior

Joined: Dec 2007
Location: B@rc3l0n@ - Venezuela
Posts: 5.759
Re: Urgent help: Virus W32/Sality.Y

Quote:
Originally posted by demongamefreak
Hello friends of the forum, greetings to all of you. I need urgent help with my PC. Today I plugged my USB drive into the PC after having plugged it into another PC, and to my surprise it was infected with a virus. The one I saw repeated most often, and could do nothing to remove, was W32/Sality.Y. After this happened I tried to run several programs, such as Dr.Web and sometimes the antivirus itself, but nothing: they would not run or gave me an error. When I try to reboot into safe mode I get the famous blue screen, and sometimes when I am working on the PC normally I also get the blue screen, so I need help.


Another thing: I tried to run Panda ActiveScan but it gets stuck updating and does nothing else, it stays there for a long while, and I tried to use Kaspersky but that didn't work either. Could you help me? Sorry for the trouble.

Thanks in advance, I look forward to your reply.

Regards

P.S. I use Avira as my antivirus, and Spybot.

How's it going, demongamefreak

Well, it's unfortunate, because Sality in any of its variants is a virus that infects executables; that is, it injects part of its code into all system and third-party programs to make them work incorrectly or simply render them useless, especially security programs such as antivirus and the like, but you will have noticed that already.

Anyway, Sality is a close cousin of Virut; do you know what Virut is and what it does? The recommended course is to make a backup of your important files (not including executables) and format. It's not that it is impossible to remove, since some variants are less potent than others, but it would take a lot of time, detailed steps and several scans to gradually reduce the infection, provided you can get some disinfection application to run, and believe me, a format is faster and less stressful.


Regards


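The backup recommended in the reply above (important files, not including executables), sketched as an added example that is not part of the original thread. The extension list, the function names and the sample files are assumptions made for illustration; files are checked by content as well as by name, so an executable stored under a document or media extension is left behind too.

```python
import os
import shutil
import tempfile

# Assumed skip list: extensions Windows loads as PE code.
EXECUTABLE_EXTS = {".exe", ".scr", ".dll", ".sys", ".com", ".ocx", ".cpl"}
# Autorun files let removable media relaunch malware on the next machine.
AUTORUN_NAMES = {"autorun.inf"}


def looks_like_pe(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            pe_offset = int.from_bytes(header[0x3C:0x40], "little")
            fh.seek(pe_offset)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return True  # unreadable file: treat as unsafe and leave it out


def skip_reason(path):
    """Return why a file must stay out of the backup, or None if it may be copied."""
    name = os.path.basename(path).lower()
    if name in AUTORUN_NAMES:
        return "autorun file"
    if os.path.splitext(name)[1] in EXECUTABLE_EXTS:
        return "executable extension"
    if looks_like_pe(path):
        return "PE content under a non-executable name"
    return None


def backup_without_executables(src, dst):
    """Copy src into dst, skipping anything a file infector could have modified."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for fname in files:
            full = os.path.join(root, fname)
            rel = os.path.relpath(full, src)
            label = rel.replace(os.sep, "/")
            reason = skip_reason(full)
            if reason:
                skipped.append((label, reason))
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(full, target)
            copied.append(label)
    return sorted(copied), sorted(skipped)


def build_sample_tree(root):
    """Constructed sample data: two documents and three files that must be skipped."""
    # Smallest byte string that passes the MZ + PE signature check.
    minimal_pe = b"MZ" + b"\x00" * 58 + (64).to_bytes(4, "little") + b"PE\x00\x00"
    samples = {
        "docs/report.txt": b"quarterly notes\n",
        "docs/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "tools/setup.exe": minimal_pe,
        "music/song.mp3": minimal_pe,  # PE bytes under a media extension
        "autorun.inf": b"[autorun]\n",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def demo():
    """Run the backup over the constructed tree and return (copied, skipped)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "src")
        dst = os.path.join(tmp, "backup")
        build_sample_tree(src)
        return backup_without_executables(src, dst)


if __name__ == "__main__":
    copied, skipped = demo()
    for rel in copied:
        print("copied ", rel)
    for rel, reason in skipped:
        print("skipped", rel, "-", reason)
```

Run the copy from a clean environment where possible, and reinstall programs from original media rather than from the backup.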
post #3
Posted 21/08/09, 00:52:43
Binnish
Regular User

Joined: Jan 2009
Location: Spain - Granada
Posts: 4.687
Re: Urgent help: Virus W32/Sality.Y

Hello demongamefreak

I only come to bring bad news.


If you haven't been able to run Dr.Web and you keep getting the blue screen, it's already too late.

The Sality virus is one of the most destructive there is. You will most likely have to format the computer.


You can try this, even if it is a second attempt (skip everything you can't do):


We are going to carry out these steps one at a time. If you can't do one, skip it and go to the next. It may be useful to print this page or note down the steps so you can cross off the tasks as you complete them. If in any doubt, ask.


1. First step

· Download and/or update these programs, but do not run them yet.
· Malwarebytes.
· Ccleaner
· Dr. Web Cure-IT

2. Second step

· Turn off System Restore.
· Boot into Safe Mode.

3. Third step

Run:

· Dr.CureIt
· This application is already up to date when you download it, so do not update it when you start it. Click Start and Accept; it will perform a quick scan. When it finishes, clean and cure whatever it found.

· Ccleaner.
· First use its "Cleaner" option to delete cookies, temporary internet files and all the files that appear as obsolete or unused; then use its "Registry" option to clean the whole Windows Registry, making a backup (when the registry cleanup is about to run, the program will ask you to confirm whether to make the backup; click “”).

· Malwarebytes.
· Use its full scan option and, when it finishes, click "Remove everything found".


4. Fourth step

· Restart your computer in Normal Mode.
· Turn System Restore back on.

· Run an online scan with Kaspersky as described in its manual. Select My Computer so that it scans your whole system. If the Spanish version doesn't work, use the English one.


When you finish, paste the reports generated by Malwarebytes, DrWeb and Kaspersky in this thread.

The DrWeb report will be in a new folder called WebDoctor in My Documents. If it is very long, copy only the final statistics on the cleanup.

Also read this thread:


Help, I can't carry out the 11 steps.. (Solved)

Remember, remember the fifth of November
post #4
Posted 21/08/09, 01:08:30
User

Joined: Apr 2008
Location: Venezuela
Posts: 21
Re: Urgent help: Virus W32/Sality.Y

Ahh OK, OK, that's bad, that is what I least wanted, formatting. I was considering it as a last resort, but after reading the article on Virut I realized it is the most feasible solution. I'll start backing up the most important information, minus the executables...

And Binnish, thanks for your reply too, but as I said I can't reboot into safe mode and Dr.Web won't open. I'm going to try the steps you gave me again to see if I get anywhere, or if you can help me, and I'll read that post you left me there.

I'll leave you the reports in a while.


Thanks a lot for answering so quickly. And what do I do about my pendrive/MP3 player, which is where I keep my files and so on? Is there no solution for the pendrive either?
post #5
Posted 21/08/09, 10:14:49
User

Joined: Apr 2008
Location: Venezuela
Posts: 21
Re: Urgent help: Virus W32/Sality.Y

Hello, good morning. Here are the reports from Dr.Web and Malwarebytes, and from Panda ActiveScan, because Kaspersky online would not open for me.
Here is the Dr.Web one; it was very long, so I posted the end as you told me.

Estadística del chequeo
-----------------------------------------------------------------------------
Objetos chequeados: 213068
Infectados: 224
Infectados con modificaciones: 0
Sospechosos: 0
Programas Adware: 0
Programas Dialer: 0
Programas - bromas: 0
Programas Riskware: 0
Programas Hacktool: 0
Objetos curados: 207
Objetos eliminados: 7
Objetos renombrados: 0
Objetos movidos: 10
Objetos ignorados: 0
Velocidad del chequeo: 231 Kb/s
Tiempo del chequeo: 02:14:43



This is the Malwarebytes one:

Malwarebytes' Anti-Malware 1.40
Versión de la Base de Datos: 2669
Windows 5.1.2600 Service Pack 2

21/08/2009 8:32:26
mbam-log-2009-08-21 (08-32-26).txt

Tipo de examen : Examen Completo (C:\|E:\|)
Objetos examinados: 152025
Tiempo transcurrido: 35 minute(s), 9 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 10
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 6
Carpetas Infectadas: 2
Ficheros Infectados: 21

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-33we-aax5-34kc2a3452432} (Worm.autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Acha.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AmyMastura.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BabyRina.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrsz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsasc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\registry.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMSSS.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\RECYCLED\BIN (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4 (Autorun.Worm) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\Archivos de programa\Alcohol Soft\Alcohol 120\Alcohol_WinuE.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\com.run (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\winuxkkr.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\RECYCLED\BIN\Desktop.ini (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\spec.fne (Autorun.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\¡¡¡¡¡¡.lnk (Autorun.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\internet.fne (Autorun.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\og.dll (Autorun.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\og.edt (Autorun.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spec.fne (Autorun.Worm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ul.dll (Autorun.Worm) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------------------------


And this is the Panda one:

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2009-08-21 07:51:12
PROTECTIONS: 0
MALWARE: 7
SUSPECTS: 12
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00438621 Trj/Dropper.AET Virus/Trojan No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\com.run
00438621 Trj/Dropper.AET Virus/Trojan No 0 Yes No C:\WINDOWS\system32\com.run
00642819 Trj/Spambot.AB Virus/Trojan No 1 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\dqooqg.exe
00815718 Trj/Agent.MAL Virus/Trojan No 1 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\internet.fne
00815718 Trj/Agent.MAL Virus/Trojan No 1 Yes No C:\WINDOWS\system32\internet.fne
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\C\Settings\dEsKtOp.InI
02111504 W32/AutoRun.APJ.worm Virus/Worm No 0 Yes No C:\RECYCLED\BIN\Desktop.ini
02948524 W32/Sality.AH Virus No 0 Yes No C:\Documents and Settings\Administrador\Datos de programa\Thinstall\Microsoft Office Professional Edition 2003\1000000b00002i\rundll32.exe
02948524 W32/Sality.AH Virus No 0 Yes No C:\Documents and Settings\Administrador\Datos de programa\Thinstall\Microsoft Office Professional Edition 2003\1000000600002i\svchost.exe
02948524 W32/Sality.AH Virus No 0 Yes No C:\Documents and Settings\Administrador\Datos de programa\Thinstall\TuneUp Utilities 2009\4000009600002i\TUProgSt.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\IB4\DPRUN.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\IB5\DPINST.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\IB5\DPRUN.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\N\123\NVUIDE.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\N\4\NVUIDE4.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\N\4IN\NVUIDE4IN.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\N\TM\NVUIDE.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Archivos de programa\Nero\Nero 9\Nero PhotoSnap\PhotoSnap.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Archivos de programa\FlashGet\flashget.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\IB4\DPINST.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\OWC10\SETUP.EXE
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\OWC11\SETUP.EXE
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\MSOFFICE\OFFICE11\OFFCLN.EXE
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\SETUP\OSE.EXE
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\4rbvf.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\ez3awa.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX1\882vp.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX1\j3hfnr.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\h271i2kk.default\FlashGot.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\3B\3WARESRV.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\D\M\3B\3WARERUN.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Archivos de programa\Counter-Strike 1.6\hl.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004153.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004150.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\AutoFix.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\Herramientas\Ad-Muncher.4.7.By Eduman\Ad Muncher\AdMunch.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\Herramientas\Ad-Muncher.4.7.By Eduman\Ad Muncher\BrowserExtensions.0.4.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Archivos de programa\CCleaner\CCleaner.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\NO$GBA\a.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NGZoom.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NO$PMP.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NO$WTT.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\Port PDF Password Remover 3.0\Portable PDF Password Remover 3.0.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By_ReKoLeKtoR\Dial-a-fix\secedit.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By_ReKoLeKtoR\RegUnlocker v195\RegUnlocker v195.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By_ReKoLeKtoR\xp_thumbnail.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\UltraISO Premium Edition v9.3.3.2685\Keygen\Keygen.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\custom.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\replayview.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\EtherVapor.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\evprd_1_04.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\_uninst.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\config.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\eXceed2nd-VR.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\uninst.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\config.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\config_e.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\IaMPEnglishTranslation-v1_1.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\uninstall_th075e.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\install.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\custom.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\replayview.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09e.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09_ver150a.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\102h.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\MSOCache\All Users\90000c0a-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20. EXE
03614159 W32/Sality.AK Virus No 0 Yes No C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\ose.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\setup.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\NVIDIA\Win2KXP\93.71\setup.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\OpenSSL\bin\bntest.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\OpenSSL\bin\destest.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\OpenSSL\bin\openssl.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\OpenSSL\bin\ssltest.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Archivos de programa\Trojan Remover\Sschk.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Temp\Ogif\TalkAny\TalkAny.exe
03614159 W32/Sality.AK Virus No 0 Yes No C:\Documents and Settings\Administrador\Escritorio\install_flash_player.exe
03614159 W32/Sality.AK Virus Yes 0 Yes No C:\Archivos de programa\USB Disk Security\USBGuard.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\102h.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom_e.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\th06e.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\th06_english_patch_0.8.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000011.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000016.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000018.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000019.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000025.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0001011.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0001020.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002009.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002018.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002021.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002023.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002026.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002027.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002102.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002110.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002113.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002115.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002116.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002117.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002143.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002148.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002153.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002156.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003143.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003149.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003154.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003155.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004141.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004147.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004149.exe
03614159 W32/Sality.AK Virus No 0 Yes No E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004155.exe
05494346 W32/Sohanat.AS.worm Virus/Worm No 1 Yes No C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvihos0.exe
05494346 W32/Sohanat.AS.worm Virus/Worm No 1 Yes No C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvihost.exe
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location
;================================================= ================================================== ================================================== ==============================
No C:\WINDOWS\PSEXESVC.EXE
No C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\dp1.fne
No C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\spec.fne
No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\Th08_trainer.exe
No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Mountain of Faith\Th10e_trainer.exe
No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Mountain of Faith\Th10j_trainer.exe
No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Touhou 11 Subterranean Animism\Th11e_trainer_v2.exe
No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Touhou 11 Subterranean Animism\Th11j_trainer_v2.exe
No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\yym\th07e_trainer.exe
No C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\yym\th07j_trainer.exe
No C:\WINDOWS\system32\dp1.fne
No C:\WINDOWS\system32\spec.fne
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description
;================================================= ================================================== ================================================== ==============================
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
191613 HIGH MS08-020
187733 HIGH MS08-008
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
170904 HIGH MS07-043
157260 HIGH MS07-020
;================================================= ================================================== ================================================== ==============================



I tried to disinfect with Panda, but it threw an error and then I got the blue screen.

Regards
  post #6  
Old 21/08/09, 20:15:07
Binnish's Avatar
Regular User
 
Join Date: Jan 2009
Location: Spain - Granada
Posts: 4,687
Re: Urgent help Virus W32/sality.Y

For the love of God, what a lot of junk there is in there.

What a viral party!!! Not even in my younger days did I see such a festival.

IMPORTANT: I don't know whether this will work, but it is advisable to have your data already backed up in case we end up destroying your operating system during the cleanup. Have a Windows CD at hand and read this:

Windows 2000/XP/2003 Installation and Repair Manual


Many of the applications and programs you have will no longer work.

To remove all those infections, do this:



Download OTM
  • Double-click OTM.exe to run it.
  • Make sure this is checked: Unregister Dll's and Ocx's
  • Copy the text in the box below and paste it into the left-hand pane of OTM labelled: Paste Instructions for items to be Moved

HTML code:
:processes
explorer.exe

:files
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\com.run
C:\WINDOWS\system32\com.run
C:\Documents and Settings\Administrador\Configuración local\Temp\dqooqg.exe
C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\internet.fne
C:\WINDOWS\system32\internet.fne
C:\C\Settings\dEsKtOp.InI
C:\RECYCLED\BIN\Desktop.ini
C:\Documents and Settings\Administrador\Datos de programa\Thinstall\Microsoft Office Professional Edition 2003\1000000b00002i\rundll32.exe
C:\Documents and Settings\Administrador\Datos de programa\Thinstall\Microsoft Office Professional Edition 2003\1000000600002i\svchost.exe
C:\Documents and Settings\Administrador\Datos de programa\Thinstall\TuneUp Utilities 2009\4000009600002i\TUProgSt.exe
C:\D\M\IB4\DPRUN.exe
C:\D\M\IB5\DPINST.exe
C:\D\M\IB5\DPRUN.exe
C:\D\M\N\123\NVUIDE.exe
C:\D\M\N\4\NVUIDE4.exe
C:\D\M\N\4IN\NVUIDE4IN.exe
C:\D\M\N\TM\NVUIDE.exe
C:\Archivos de programa\Nero\Nero 9\Nero PhotoSnap\PhotoSnap.exe
C:\Archivos de programa\FlashGet\flashget.exe
C:\D\M\IB4\DPINST.exe
C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\OWC10\SETUP.EXE
C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\OWC11\SETUP.EXE
C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\COMMON\MSSHAR ED\DW\DW20.EXE
C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\COMMON\MSSHAR ED\DW\DWTRIG20.EXE
C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\MSOFFICE\OFFI CE11\OFFCLN.EXE
C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\SETUP\OSE.EXE
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\4rbvf.exe
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\ez3awa.exe
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX1\882vp.exe
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX1\j3hfnr.exe
C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\h271i2kk.default \FlashGot.exe
C:\D\M\3B\3WARESRV.exe
C:\D\M\3B\3WARERUN.exe
C:\Archivos de programa\Counter-Strike 1.6\hl.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004153.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004150.exe
C:\Documents and Settings\Administrador\Escritorio\AutoFix.exe
C:\Documents and Settings\Administrador\Escritorio\Herramientas\Ad-Muncher.4.7.By Eduman\Ad Muncher\AdMunch.exe
C:\Documents and Settings\Administrador\Escritorio\Herramientas\Ad-Muncher.4.7.By Eduman\Ad Muncher\BrowserExtensions.0.4.exe
C:\Archivos de programa\CCleaner\CCleaner.exe
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\a.exe
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NGZoom.exe
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NO$PMP.exe
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NO$WTT.exe
C:\Documents and Settings\Administrador\Escritorio\Port PDF Password Remover 3.0\Portable PDF Password Remover 3.0.exe
C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\Dial-a-fix\secedit.exe
C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\RegUnlocker v195\RegUnlocker v195.exe
C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\xp_thumbnail.exe
C:\Documents and Settings\Administrador\Escritorio\UltraISO Premium Edition v9.3.3.2685\Keygen\Keygen.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\custom.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\replayview.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\EtherVapor.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\evprd_1_04.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\_uninst.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\config.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\eXceed2nd-VR.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\uninst.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\config.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\config_e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\IaMPEnglishTranslation-v1_1.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\uninstall_th075e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\install.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\custom.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\replayview.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09_ver150a.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\102h.exe
C:\MSOCache\All Users\90000c0a-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20. EXE
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\ose.exe
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\setup.exe
C:\NVIDIA\Win2KXP\93.71\setup.exe
C:\OpenSSL\bin\bntest.exe
C:\OpenSSL\bin\destest.exe
C:\OpenSSL\bin\openssl.exe
C:\OpenSSL\bin\ssltest.exe
C:\Archivos de programa\Trojan Remover\Sschk.exe
C:\Temp\Ogif\TalkAny\TalkAny.exe
C:\Documents and Settings\Administrador\Escritorio\install_flash_pl ayer.exe
C:\Archivos de programa\USB Disk Security\USBGuard.exe
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\102h.exe
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom.exe
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom_e.exe
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\th06e.exe
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\th06_english_patch_0.8.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000011.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000016.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000018.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000019.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000025.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0001011.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0001020.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002009.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002018.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002021.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002023.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002026.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002027.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002102.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002110.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002113.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002115.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002116.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002117.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002143.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002148.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002153.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002156.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003143.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003149.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003154.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003155.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004141.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004147.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004149.exe
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004155.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvih os0.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvih ost.exe


:commands
[emptytemp]
[start explorer]
  • Click MoveIt! to start the removal.
  • When the result appears in the Results pane, a prompt will open asking whether we want to restart the PC: click "YES".
  • NOTE: If the restart prompt does not appear, restart your PC manually, since restarting is important for removing the infections.
  • In your next message, post the OTM report. It is located at C:\_OTM\MovedFiles\********_******.txt



We await the report.

Remember, remember the fifth of November
  post #7  
Old 21/08/09, 21:06:20
User
 
Join Date: Apr 2008
Location: Venezuela
Posts: 21
Re: Urgent help Virus W32/sality.Y

Hello and thanks for replying, here is the OTM report, I hope it is of some use, although from what I can see everything is still the same.




All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\com.run not found.
File/Folder C:\WINDOWS\system32\com.run not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\dqooqg.exe not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\E_4\internet.fne not found.
File/Folder C:\WINDOWS\system32\internet.fne not found.
File/Folder C:\C\Settings\dEsKtOp.InI not found.
File/Folder C:\RECYCLED\BIN\Desktop.ini not found.
C:\Documents and Settings\Administrador\Datos de programa\Thinstall\Microsoft Office Professional Edition 2003\1000000b00002i\rundll32.exe moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\Thinstall\Microsoft Office Professional Edition 2003\1000000600002i\svchost.exe moved successfully.
C:\Documents and Settings\Administrador\Datos de programa\Thinstall\TuneUp Utilities 2009\4000009600002i\TUProgSt.exe moved successfully.
File/Folder C:\D\M\IB4\DPRUN.exe not found.
File/Folder C:\D\M\IB5\DPINST.exe not found.
File/Folder C:\D\M\IB5\DPRUN.exe not found.
File/Folder C:\D\M\N\123\NVUIDE.exe not found.
File/Folder C:\D\M\N\4\NVUIDE4.exe not found.
File/Folder C:\D\M\N\4IN\NVUIDE4IN.exe not found.
File/Folder C:\D\M\N\TM\NVUIDE.exe not found.
C:\Archivos de programa\Nero\Nero 9\Nero PhotoSnap\PhotoSnap.exe moved successfully.
C:\Archivos de programa\FlashGet\flashget.exe moved successfully.
File/Folder C:\D\M\IB4\DPINST.exe not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\OWC10\SETUP.EXE not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\OWC11\SETUP.EXE not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\COMMON\MSSHAR ED\DW\DW20.EXE not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\COMMON\MSSHAR ED\DW\DWTRIG20.EXE not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\PFILES\MSOFFICE\OFFI CE11\OFFCLN.EXE not found.
File/Folder C:\Documents and Settings\Administrador\Configuración local\Temp\Rar$EX02.406\FILES\SETUP\OSE.EXE not found.
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\4rbvf.exe moved successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\ez3awa.exe moved successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX1\882vp.exe moved successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX1\j3hfnr.exe moved successfully.
File/Folder C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\h271i2kk.default \FlashGot.exe not found.
File/Folder C:\D\M\3B\3WARESRV.exe not found.
File/Folder C:\D\M\3B\3WARERUN.exe not found.
C:\Archivos de programa\Counter-Strike 1.6\hl.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004153.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004150.exe moved successfully.
C:\Documents and Settings\Administrador\Escritorio\AutoFix.exe moved successfully.
C:\Documents and Settings\Administrador\Escritorio\Herramientas\Ad-Muncher.4.7.By Eduman\Ad Muncher\AdMunch.exe moved successfully.
C:\Documents and Settings\Administrador\Escritorio\Herramientas\Ad-Muncher.4.7.By Eduman\Ad Muncher\BrowserExtensions.0.4.exe moved successfully.
C:\Archivos de programa\CCleaner\CCleaner.exe moved successfully.
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\a.exe moved successfully.
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NGZoom.ex e moved successfully.
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NO$PMP.ex e moved successfully.
C:\Documents and Settings\Administrador\Escritorio\NO$GBA\NO$WTT.ex e moved successfully.
C:\Documents and Settings\Administrador\Escritorio\Port PDF Password Remover 3.0\Portable PDF Password Remover 3.0.exe moved successfully.
File/Folder C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\Dial-a-fix\secedit.exe not found.
File/Folder C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\RegUnlocker v195\RegUnlocker v195.exe not found.
File/Folder C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\xp_thumbnail.exe not found.
C:\Documents and Settings\Administrador\Escritorio\UltraISO Premium Edition v9.3.3.2685\Keygen\Keygen.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\custom.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\replayview.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\EtherVapor.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\evprd_1_04.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Ether Vapor\_uninst.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\config.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\eXceed2nd-VR.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\eXceed2nd-VAMPIREREX-\eXceed2nd -VAMPIRE REX-\uninst.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\config.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\config_e.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\IaMPEnglishTranslation-v1_1.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Immaterial And Missing Power\uninstall_th075e.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\install.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\custom.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\replayview.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09e.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09_ver150a.exe moved successfully.
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\102h.exe moved successfully.
File/Folder C:\MSOCache\All Users\90000c0a-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20. EXE not found.
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\ose.exe moved successfully.
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\setup.exe moved successfully.
C:\NVIDIA\Win2KXP\93.71\setup.exe moved successfully.
C:\OpenSSL\bin\bntest.exe moved successfully.
C:\OpenSSL\bin\destest.exe moved successfully.
C:\OpenSSL\bin\openssl.exe moved successfully.
C:\OpenSSL\bin\ssltest.exe moved successfully.
C:\Archivos de programa\Trojan Remover\Sschk.exe moved successfully.
C:\Temp\Ogif\TalkAny\TalkAny.exe moved successfully.
File/Folder C:\Documents and Settings\Administrador\Escritorio\install_flash_pl ayer.exe not found.
File/Folder C:\Archivos de programa\USB Disk Security\USBGuard.exe not found.
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\102h.exe moved successfully.
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom.exe moved successfully.
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom_e.exe moved successfully.
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\th06e.exe moved successfully.
E:\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\th06_english_patch_0.8.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000011.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000016.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000018.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000019.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0000025.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0001011.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0001020.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002009.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002018.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002021.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002023.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002026.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002027.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002102.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002110.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002113.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002115.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002116.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002117.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002143.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002148.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002153.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0002156.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003143.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003149.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003154.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0003155.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004141.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004147.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004149.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004155.exe moved successfully.
File/Folder C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvih os0.exe not found.
File/Folder C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvih ost.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 112664240 bytes
->Temporary Internet Files folder emptied: 3477190 bytes
->Java cache emptied: 5325 bytes
->FireFox cache emptied: 70237200 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328254 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e6c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 212992 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 178,27 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08212009_072534

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_e6c.dat moved successfully.

Registry entries deleted on Reboot...

Regards
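A report like the one above can be tallied mechanically instead of being read line by line. The following is an added example, not part of the original thread or of OTM: a small Python parser for the three outcome lines that appear in this report (`moved successfully`, `not found`, `scheduled to be deleted on reboot`). The sample input is a handful of lines in the report's format; the function names and the location buckets are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the format of the OTM report above.
SAMPLE_REPORT = r"""All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\com.run not found.
C:\Archivos de programa\FlashGet\flashget.exe moved successfully.
C:\Documents and Settings\Administrador\Configuración local\Temp\RarSFX0\4rbvf.exe moved successfully.
E:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0004153.exe moved successfully.
File/Folder C:\D\M\IB4\DPRUN.exe not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e6c.dat scheduled to be deleted on reboot.
"""

# Section banner, e.g. "========== FILES =========="
SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")

# Only the outcome lines visible in the report above are recognised.
PATTERNS = [
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("deferred", re.compile(
        r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]


def parse_otm_report(text):
    """Return one dict per recognised outcome line: section, status, path."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1).upper()
            continue
        for status, pattern in PATTERNS:
            hit = pattern.match(line)
            if hit:
                entries.append(
                    {"section": section, "status": status, "path": hit.group(1)}
                )
                break
    return entries


def location_of(path):
    """Bucket a Windows path by where it lives (buckets are an assumption)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\temp\\" in p:
        return "temp"
    if "\\quarantine\\" in p:
        return "quarantine"
    return "other"


def summarize(entries):
    """Count outcomes, bucket the moved files, list what still needs a look."""
    by_status = Counter(e["status"] for e in entries)
    moved_by_location = Counter(
        location_of(e["path"]) for e in entries if e["status"] == "moved"
    )
    follow_up = [e["path"] for e in entries if e["status"] != "moved"]
    return {
        "by_status": dict(by_status),
        "moved_by_location": dict(moved_by_location),
        "follow_up": follow_up,
    }


if __name__ == "__main__":
    summary = summarize(parse_otm_report(SAMPLE_REPORT))
    print("Outcomes:", summary["by_status"])
    print("Moved, by location:", summary["moved_by_location"])
    print("Not moved (check these again in the next scan):")
    for path in summary["follow_up"]:
        print("  ", path)
```

Entries reported as not found or deferred to reboot end up in `follow_up`, which is the list to compare against the next scanner report.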
  post #8  
Old 21/08/09, 21:11:51
Binnish's Avatar
Regular User
 
Join Date: Jan 2009
Location: Spain - Granada
Posts: 4,687
Re: Urgent help Virus W32/sality.Y

Let's see what is left of the viral festival.

Quote:
º Download OTC.exe to the desktop.

º Run it and press Cleanup.

That will remove OTM, OTM's quarantine and OTC.exe.
Download this again:

Quote:
Dr. Web Cure-IT

When you download this application it is already up to date, so do not update it when you start it. Click Start and accept; it will run a quick scan. When it finishes, clean and cure whatever it has found. Paste the report in this thread.

Run a scan again, this time a full one, and paste the report here again.

The DrWeb report will be in a new folder called WebDoctor in Mis Documentos. If it is very long, copy only the final statistics about the cleanup.

It has to be a fresh copy of DrWeb for it to work.


And you have to run a scan with PANDA again.

We have to eradicate this virus as quickly as possible, since it will keep infecting if it remains anywhere.

Do not run anything; just focus on doing what was mentioned.


Eagerly awaiting those reports to see how things are going, and I hope it does not end up destroying your operating system.

  post #9  
Old 22/08/09, 09:20:40
User
 
Join Date: Apr 2008
Location: Venezuela
Posts: 21
Re: Urgent help Virus W32/sality.Y

Hello, here is the DrWeb report, and it seems to be spreading more every minute. I'm leaving you just the end because the report is very long.

Estadística del chequeo
-----------------------------------------------------------------------------
Objetos chequeados: 287907
Infectados: 533
Infectados con modificaciones: 2
Sospechosos: 0
Programas Adware: 0
Programas Dialer: 0
Programas - bromas: 0
Programas Riskware: 0
Programas Hacktool: 11
Objetos curados: 495
Objetos eliminados: 1
Objetos renombrados: 0
Objetos movidos: 48
Objetos ignorados: 0
Velocidad del chequeo: 14 Kb/s
Tiempo del chequeo: 03:04:45
-----------------------------------------------------------------------------


And here is the Panda one:

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2009-08-21 19:43:36
PROTECTIONS: 0
MALWARE: 8
SUSPECTS: 11
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00052 22.exe[C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00052 22.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008256.exe[nircmd.exe]


I await your reply

Regards

Edit: this time I did manage to disinfect with Panda; I had not done it before for fear of getting the blue screen, but it tells me that it did disinfect... I don't know if you want me to post the new report? Most of it, especially where the Sality is, was disinfected.

Last edited by demongamefreak on 22/08/09 at 11:04:30. Reason: Panda report
  post #10  
22/08/09, 15:20:23
Binnish
Regular User
 
Joined: Jan 2009
Location: Spain - Granada
Posts: 4.687
Re: urgent help Virus W32/sality.Y

Yes! I would like to see that new report, because that thing reproduces too quickly and cannot be stopped.

In any case, do this urgently:


Download OTM
  • Double-click OTM.exe to run it.
  • Make sure this option is checked: Unregister Dll's and Ocx's
  • Copy the text in the box below and paste it into the left-hand pane of OTM named: Paste Instructions for items to be Moved

HTML code:
:processes
explorer.exe

:files

C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \makebt\dsfo.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008280.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008291.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \MULTI_CONTENT\wintools\commandline\bbie.exe
C:\XP_UE\Install\Alcohol120\Patch.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008284.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008278.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008277.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008275.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008274.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008273.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008263.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008262.exe
C:\Archivos de programa\7-Zip\7z.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008256.exe
C:\Archivos de programa\7-Zip\7zFM.exe
C:\Archivos de programa\7-Zip\7zG.exe
C:\Archivos de programa\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Archivos de programa\DAMN NFO Viewer\DAMN NFO Viewer.exe
C:\Archivos de programa\Java\jre6\bin\java.exe
C:\Archivos de programa\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008198.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008197.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008196.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008195.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008194.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008191.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008190.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008189.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008188.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008187.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008186.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008185.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008184.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008183.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008182.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008181.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008180.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008179.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008178.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008177.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008176.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008175.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008174.EXE
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008173.EXE
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\Flash_ Disinfector.exe
C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\h271i2kk.default \FlashGot.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007926.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007924.exe
C:\Documents and Settings\Administrador\Escritorio\JDownloader 0.7\JDownloader.exe
C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\Dial-a-fix\secedit.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008292.exe
C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\xp_thumbnail.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \HPUSBFW.EXE
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \makebt\BootSect.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008294.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \makebt\syslinux.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008295.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \MULTI_CONTENT\wintools\commandline\MbrFix.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \MULTI_CONTENT\wintools\Nu2Menu\setres.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \MULTI_CONTENT\wintools\othertools\ProduKey.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \PeToUSB.exe
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \usb_xpbt\cmdcons\AUTOCHK.EXE
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \usb_xpbt\cmdcons\AUTOFMT.EXE
C:\Documents and Settings\Administrador\Escritorio\USB_MultiBoot_10 \X_CONTENT\INSTALL_DRIVERS\bin\7z.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\bbs1\th08_custom_cn.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\custome.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kaei\kaei\th09e_v1_1.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\custom_e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\kouma\th06e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Mountain of Faith\custom.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Mountain of Faith\custom_e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Mountain of Faith\replayview.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Mountain of Faith\th10.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Mountain of Faith\th10_patch.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\SWR\framedisplayswr.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\SWR\swr_palette_editor\öÛÉF v1.01\öÛÉF.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\SWR\weatherpatch-en.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\SWR\weatherpatch-jp.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Touhou 11 Subterranean Animism\custom_e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Touhou 11 Subterranean Animism\th11e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\Touhou 11 Subterranean Animism\th11e_patch_1.0a.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\yym\Custom.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\yym\Th07.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\yym\th07bgm.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\yym\th07e.exe
C:\Documents and Settings\Administrador\Mis documentos\Downloads\[Shanghai Alice] Touhou 01-9.5\yym\th07_ Custom_cn.exe
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\spanish\setup.exe
C:\Documents and Settings\All Users\Datos de programa\WinDS PRO\windsprox.exe
C:\Documents and Settings\All Users\Datos de programa\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\3E39C89\2FB6E586\Drive rScannerApi.exe
C:\Documents and Settings\All Users\Datos de programa\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\5C40AA7E\8F9F9DCD\Driv erScanner.exe
C:\Downloads\CDA_DriverOnly_NonNetwork_esn.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0005296.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP1\A0005354.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP2\A0005386.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP2\A0005435.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP2\A0005513.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP2\A0006438.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP2\A0006550.exe
C:\Documents and Settings\Administrador\Escritorio\Reparacion_Xp_By _ReKoLeKtoR\RegUnlocker v195\RegUnlocker v195.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007908.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007909.scr
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007914.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007916.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007917.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007918.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007920.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007921.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007922.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0007923.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvih ost.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\sscvih os0.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\blastc lnnn.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 48.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 47.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 46.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 45.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 44.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 43.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 42.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 41.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 40.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 39.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 38.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00078 37.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00000 21.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 84.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 83.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 82.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 81.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 80.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 79.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 78.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 77.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 76.exe
C:\Documents and Settings\Administrador\DoctorWeb\Quarantine\A00064 75.exe
C:\System Volume Information\_restore{709D4768-593F-4438-A9EC-B43C62A8BF88}\RP3\A0008201.exe



:commands
[emptytemp]
[start explorer]
  • Click MoveIt! to start the removal.
  • When the result appears in the Results pane, a prompt will open asking whether you want to restart the PC: click "YES".
  • NOTE: If the restart prompt does not appear, restart your PC manually, since restarting is important to remove the infections.
  • In your next message, post the OTM report. It is located at C:\_OTM\MovedFiles\********_******.txt


Then this:

Quote:
It is very simple; what you have to do is this:

Turn off System Restore, restart the PC, then turn System Restore back on and restart the PC again.

Paste the LOP report and the new Panda one.

Remember, remember the fifth of November




All times are GMT -4.


 
