Re: problem with trojan win32/qhost
Hi janomichi2,
Do you have the report from the MalwareBytes tool? If so, copy and paste it in your next reply. In Normal mode, run an online scan with Panda ActiveScan + Manual and paste the report it generates. Leave me both reports in your next post.
Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog
* Help us by making a DONATION so we can keep helping.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or e-mail; that is what the forum is for.
Re: problem with trojan win32/qhost
Hi, after a good while Panda finished ... :) this is the report
Code:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-05 03:34:24
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 13
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@atdmt[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@tribalfusion[2].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@sexlist[1].txt
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@counter15.sextracker[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@bs.serving-sys[2].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@sextracker[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@zedo[2].txt
00180154 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@counter16.sextracker[1].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\usuario\cookies\usuario@xxxcounter[2].txt
02479233 Adware/SystemGuard2009 Adware No 0 Yes No c:\documents and settings\usuario\configuración local\temp\msxml71.dll
02479233 Adware/SystemGuard2009 Adware No 0 Yes No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp78\a0034402.dll
02526591 Trj/Downloader.WFS Virus/Trojan No 1 Yes Yes c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp80\a0035732.exe
02526591 Trj/Downloader.WFS Virus/Trojan No 1 Yes Yes c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp80\a0035671.exe
02591863 Generic Backdoor Virus/Trojan Yes 0 Yes Yes c:\windows\system32\drivers\runtime.exe
02732107 Trj/Sinowal.DW Virus/Trojan No 1 Yes Yes c:\documents and settings\usuario\configuración local\archivos temporales de internet\content.ie5\zzyjasso\load[1].exe
02732107 Trj/Sinowal.DW Virus/Trojan No 1 Yes Yes c:\documents and settings\usuario\configuración local\temp\pdfupd.exe
05525366 Hacktool/Tcpz.A HackTools Yes 0 Yes No c:\windows\system32\drivers\drvmon64.sys
05525366 Hacktool/Tcpz.A HackTools No 0 Yes No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp93\a0065932.sys
05525366 Hacktool/Tcpz.A HackTools No 0 Yes No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp93\a0065945.sys
05525366 Hacktool/Tcpz.A HackTools No 0 Yes No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp93\a0065951.sys
05525366 Hacktool/Tcpz.A HackTools No 0 Yes No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp93\a0065996.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\jano\mingw\binutils-2.19.1-mingw32-bin.tar.gz[binutils-2.19.1-mingw32-bin.tar][bin/addr2line.exe]
No c:\jano\mingw\binutils-2.19.1-mingw32-bin.tar.gz[binutils-2.19.1-mingw32-bin.tar][bin/dlltool.exe]
No c:\jano\mingw\binutils-2.19.1-mingw32-bin.tar.gz[binutils-2.19.1-mingw32-bin.tar][mingw32/bin/dlltool.exe]
No c:\jano\pen 02-05-09\ciber\binutils-2.19.1-mingw32-bin.tar.gz[binutils-2.19.1-mingw32-bin.tar][bin/addr2line.exe]
No c:\jano\pen 02-05-09\ciber\binutils-2.19.1-mingw32-bin.tar.gz[binutils-2.19.1-mingw32-bin.tar][bin/dlltool.exe]
No c:\jano\pen 02-05-09\ciber\binutils-2.19.1-mingw32-bin.tar.gz[binutils-2.19.1-mingw32-bin.tar][mingw32/bin/dlltool.exe]
No c:\jano\pen 02-05-09\programas_utiles\generador 2.0 para actualizaciones del antivirus nod32\generador.exe
No c:\jano\pen 02-05-09\programas_utiles\portable.idm.v5.05.3\bin\idmmkb.dll~~
No c:\programas utiles\haxe\hxinst-win.exe
No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp69\a0022900.rbf
No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp71\a0024039.rbf
No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp71\a0024098.exe
No c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp78\a0034115.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
191613 HIGH MS08-020
187733 HIGH MS08-008
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
170904 HIGH MS07-043
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141033 MEDIUM MS06-075
137571 HIGH MS06-070
133379 HIGH MS06-057
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126082 HIGH MS06-041
123421 HIGH MS06-036
120818 HIGH MS06-025
120815 HIGH MS06-022
117384 MEDIUM MS06-018
114666 HIGH MS06-015
108744 MEDIUM MS06-008
108742 MEDIUM MS06-006
104567 HIGH MS06-002
96574 HIGH MS05-053
93395 HIGH MS05-051
93454 MEDIUM MS05-049
;===================================================================================================================================================================================
regards.... Last edited by janomichi2 on 05/11/09 at 03:13:08.
Re: problem with trojan win32/qhost
Ok, download OTM + MANUAL. Run the OTMoveIt tool:
HTML code:
:Files
c:\documents and settings\usuario\configuraci¢n local\temp\msxml71.dll
c:\jano\mingw\binutils-2.19.1-mingw32-bin.tar.gz
c:\jano\pen 02-05-09\ciber\binutils-2.19.1-mingw32-bin.tar.gz
c:\jano\pen 02-05-09\programas_utiles\generador 2.0 para actualizaciones del antivirus nod32\generador.exe
c:\jano\pen 02-05-09\programas_utiles\portable.idm.v5.05.3\bin\idmmkb.dll~~
c:\programas utiles\haxe\hxinst-win.exe
c:\windows\system32\drivers\drvmon64.sys
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp93
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\rp78
:Commands
[emptytemp]
[Reboot]
Leave me that report and let me know if everything is working well.........
Re: problem with trojan win32/qhost
ok, this is what OTM gave me
Code:
All processes killed
========== FILES ==========
File/Folder c:\documents and settings\usuario\configuraci¢n local\temp\msxml71.dll not found.
c:\jano\mingw\binutils-2.19.1-mingw32-bin.tar.gz moved successfully.
c:\jano\pen 02-05-09\ciber\binutils-2.19.1-mingw32-bin.tar.gz moved successfully.
c:\jano\pen 02-05-09\programas_utiles\generador 2.0 para actualizaciones del antivirus nod32\generador.exe moved successfully.
c:\jano\pen 02-05-09\programas_utiles\portable.idm.v5.05.3\bin\idmmkb.dll~~ moved successfully.
c:\programas utiles\haxe\hxinst-win.exe moved successfully.
c:\windows\system32\drivers\drvmon64.sys moved successfully.
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP93\snapshot\Repository\FS moved successfully.
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP93\snapshot\Repository moved successfully.
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP93\snapshot moved successfully.
Folder move failed. c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP93 scheduled to be moved on reboot.
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP78\snapshot\Repository\FS moved successfully.
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP78\snapshot\Repository moved successfully.
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP78\snapshot moved successfully.
c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP78 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 70546 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: papito-mono
->Temp folder emptied: -1655665968 bytes
->Temporary Internet Files folder emptied: 65701584 bytes
->Java cache emptied: 22360664 bytes
->FireFox cache emptied: 67017601 bytes
->Google Chrome cache emptied: 49970572 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2129229 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
Windows Temp folder emptied: 220928819 bytes
RecycleBin emptied: 83713 bytes
Total Files Cleaned = -1170,48 mb
OTM by OldTimer - Version 3.0.0.6 log created on 11052009_130708
Files moved on Reboot...
Folder move failed. c:\system volume information\_restore{cc92db76-247b-4e07-87fe-4eef5ac73018}\RP93 scheduled to be moved on reboot.
Registry entries deleted on Reboot...
I also ran malwarebytes and it removed what it found... now my pc seems to be fine.... thanks for everything :)
Re: problem with trojan win32/qhost
Now just delete the OTM folder located at C:\OTM and empty the recycle bin.
We consider the topic resolved.
Re: problem with trojan win32/qhost (Solved)
thanks for everything...