
    Malwarebytes detects Backdoor.Agent.DCGen but does not remove it


    1. #1
      User: fvelazquez11
      Registered: Feb 2013
      Location: mon
      Posts: 27

      Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Hi there!

      I would like to ask for your help with this problem, which is affecting my computer and those of some coworkers.

      The computer started to feel slow; when I run Malwarebytes as a routine scan, it finds hundreds of infected items.

      When I restart after selecting the option to delete them, the same items appear again.

      I have tried removing them with Kaspersky and get the same result; Symantec and Windows Defender don't even detect them.

      Thanks for your help.

      Here is a copy of the Malwarebytes log.

      Malwarebytes Anti-Malware 1.70.0.1100
      www.malwarebytes.org

      Database version: v2013.01.28.07

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      alan.soto :: MM-MF10-DE1269 [administrator]

      1/28/2013 12:16:26 PM
      mbam-log-2013-01-28 (12-16-26).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 275702
      Time elapsed: 6 minute(s), 43 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 1
      HKLM\System\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 144

      (end)

    2. #2
      Former contributor: Superlucas
      Registered: Sep 2011
      Location: Argentina
      Posts: 15,747

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Hello fvelazquez11, welcome to the forum:

      You have a very complicated infection on your computer.

      I see that you ran a quick scan; I don't want to imagine what will happen when it is a full scan.

      Do the following:

      1. Download and install the following programs


      Run the programs as follows:

      1. Open Malwarebytes, go to the Update tab, and update to the latest version and the latest database.
      2. Go to the Scanner tab and run a Full scan, selecting all the drives connected to your PC.
      3. Once it has finished, click "Show Results" and "Remove Selected", as shown in this image.
      4. If it asks you to restart, restart.
      5. Paste us the Malwarebytes scan report after restarting; it is in the Logs tab.

      1. Run CCleaner, first using its "Cleaner" option to delete cookies and temporary Internet files.
      2. Use its "Registry" option to clean the whole Windows registry, creating a backup first.

      1. Run a full scan with ESET NOD32 online.
      2. Open it.
      3. Check the boxes for removing detected threats and scanning archives.
      4. Click Advanced settings and check these boxes there:
         - Scan for potentially unwanted applications.
         - Scan for potentially unsafe applications.
         - Enable Anti-Stealth technology.
      5. Click Start so that it downloads the virus signature database and then begins scanning your system.
      6. When it finishes, click Finish.
      7. Locate and paste the report found in C:\Archivos de programa\ESET\ESET Online Scanner\log

      Are you going to run or are you going to fight? - Muahy Thai


    3. #3
      User: fvelazquez11
      Registered: Feb 2013
      Location: mon
      Posts: 27

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Malwarebytes Anti-Malware (Trial) 1.70.0.1100
      Malwarebytes : Free anti-malware download

      Database version: v2013.02.15.08

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 7.0.5730.13
      francisco.velazquez :: MM-MF10-NE0392 [administrator]

      Protection: Enabled

      2013-02-15 3:00:42 PM
      mbam-log-2013-02-15 (15-00-42).txt

      Scan type: Full scan (C:\|D:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 517641
      Time elapsed: 1 hour(s), 10 minute(s), 14 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 1
      HKLM\System\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 221
      c:\documents and settings\all users\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\antonio.flores\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\default user\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\jh.leem\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\localservice\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\migrate\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\networkservice\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\application data\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\all users\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\antonio.flores\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\default user\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\jh.leem\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\localservice\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\migrate\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\networkservice\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\application data\mkla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\perfillogis\firefox.exe (Trojan.Banker) -> Delete on reboot.
      c:\win2012\firefox.exe (Trojan.Banker) -> Delete on reboot.
      c:\documents and settings\all users\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\antonio.flores\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\default user\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\jh.leem\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\migrate\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\favorites\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\administrator\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\all users\documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\antonio.flores\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\default user\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\jh.leem\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\migrate\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\my documents\chrome.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\all users\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\antonio.flores\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\default user\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\jh.leem\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\lgemm\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\localservice\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\migrate\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\networkservice\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\application data\microsoftupdater\firefox.exe (Backdoor.Messa) -> Delete on reboot.
      c:\documents and settings\administrator\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\all users\documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\antonio.flores\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\default user\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\jh.leem\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\lgemm\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\migrate\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\my documents\resimlerim\profiles\chrome.exe (Backdoor.DarkKomet) -> Delete on reboot.
      c:\windows\install\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\antonio.flores\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\default user\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\jh.leem\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\localservice\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\migrate\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\networkservice\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\local settings\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\windows\temp\plugtmp\chrome.exe (Backdoor.Agent) -> Delete on reboot.
      c:\documents and settings\all users\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\antonio.flores\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\beatriz.santiago\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\default user\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\edwin.garcia\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\jh.leem\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm.mm-mf10-ne0392\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\lgemm\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\localservice\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\mauricio.dominguez\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\migrate\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\neromediahomeuser.4\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\documents and settings\networkservice\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.
      c:\windows\system32\config\systemprofile\application data\mozilla\firefox.exe (Trojan.Agent) -> Delete on reboot.

      (end)

    4. #4
      Former Contributor Avatar of Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Hello,

      The top part of the Malwarebytes report is missing, and the ESET report is missing.

      Please, in your next reply, paste the ESET report and only the top part of the Malwarebytes one.

      Regards
      Are you going to run or are you going to fight? - Muahy Thai

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    5. #5
      User Avatar of fvelazquez11
      Joined
      Feb 2013
      Location
      mon
      Posts
      27

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      The ESET report is taking a long time; it has been running for an hour and a half, but it is making progress. As for Malwarebytes, that is everything that shows up for me; I used select all, copy and paste, and I just confirmed it.

      When ESET finishes I will paste it here by editing this same message.

      Regards

    6. #6
      Former Contributor Avatar of Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Hello,

      Understood. What you need to do, instead of editing the reply, is paste it in a new reply, since I do not get a notification when a post is edited, but I do when there is a new reply.

      Regards

    7. #7
      User Avatar of fvelazquez11
      Joined
      Feb 2013
      Location
      mon
      Posts
      27

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Here is the ESET scan

      [email protected] as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=8
      # iexplore.exe=7.00.6000.17109 (vista_gdr.120227-1644)
      # OnlineScanner.ocx=1.0.0.6920
      # api_version=3.0.2
      # EOSSerial=4de081d3a9852f46b81e2f0e8df33e5e
      # engine=13167
      # end=stopped
      # remove_checked=false
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2013-02-15 11:32:45
      # local_time=2013-02-15 05:32:45 (-0600, Mexico Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=5889 16768445 100 100 1049922 200788311 0 289965
      # scanned=8438
      # found=37
      # cleaned=0
      # scan_time=3572
      # version=8
      # iexplore.exe=7.00.6000.17109 (vista_gdr.120227-1644)
      # OnlineScanner.ocx=1.0.0.6920
      # api_version=3.0.2
      # EOSSerial=4de081d3a9852f46b81e2f0e8df33e5e
      # engine=13167
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2013-02-16 04:03:37
      # local_time=2013-02-15 10:03:37 (-0600, Mexico Standard Time)
      # country="United States"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=5889 16768445 100 100 1066174 200804563 0 306217
      # scanned=131323
      # found=39
      # cleaned=39
      # scan_time=16110
      sh=2AAC4F670AAFA40A1BA25454D82B91B0A50A9F48 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\lgemm\Application Data\asoftech\DataRecovery\data\temp.1\f4378176.mol"
      sh=0871F5ECB679BAF3AF1032C9A195E8D08A42D726 ft=0 fh=0000000000000000 vn="Win32/Toolbar.AskSBar application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\lgemm\My Documents\APP\Nero.v8.2.8.0_ES.Trial-Keys_leian1306.rar"
      sh=5446EBA4A260F9F6A57F660064FB21FF4D11B055 ft=1 fh=e71389696674655e vn="a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\lgemm\My Documents\APP\Wintoflash_downloader_by_betterinstaller.exe"
      sh=0B74FB57CECA9523288BDCAB3A13FB4DD610CA46 ft=1 fh=399935f7099250c1 vn="Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\lgemm\My Documents\APP\Nero.v8.2.8.0_ES.Trial-Keys_leian1306\Nero 8.2.8.0 (español) Trial.exe"
      sh=3610F643F4F60F8739022031D317635915072DCF ft=1 fh=34952562f53d1d38 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="D:\Tools\MediaCoder-0[1][1].7.5.4702.exe"
      sh=021E2A2D49EBEA05B6DF10F3A26137827F96F201 ft=0 fh=0000000000000000 vn="Win32/PSWTool.KonBoot.A application (deleted - quarantined)" ac=C fn="D:\Tools\ISO\Hirens.BootCD.11.0.zip"

    8. #8
      Former Contributor Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15.747

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Hi,

      There are now far fewer infections showing on your machine.

      Do the following:

      1. Download UsbFix

      Run USBFix as follows:

      1. Connect all your removable devices (pen drive, external hard drive, Micro SD, etc.)
      2. Double-click USBFix
      3. Click the Deletion (Supresión) option
      4. The disinfection process will start; the computer will restart if necessary.
      5. When Windows starts, USBFix will launch automatically to complete the disinfection and vaccination process.
      6. * USBFix generates a report, which is usually located at C:\USBFix.txt


      Note: UsbFix will create a hidden folder named "autorun.inf" on every partition and every USB drive that is connected when it runs. Do not delete this folder ... it will help protect your USB devices from future infections.
      Are you going to run or are you going to fight? - Muahy Thai

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.
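
The note in the post above describes a folder named "autorun.inf" placed in each drive root; a directory with that name occupies the path where an autorun.inf file would otherwise be written. As an added example (not part of the original post and not UsbFix's own code), this Python script classifies a drive root as vaccinated, absent, or carrying an autorun.inf file, and lists the entries in that file that launch a program. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Keys in an [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries add a context-menu launcher
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                entries.append((key, value))
    return entries


def check_drive_root(root):
    """Classify the autorun.inf entry (any letter case) found in a drive root."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return ("vaccinated", [])  # folder blocks creation of a file
        with open(path, "r", encoding="latin-1") as fh:
            return ("autorun-file", parse_launch_entries(fh.read()))
    return ("absent", [])


def demo():
    """Build three constructed drive roots in a temp dir and classify each."""
    sample = ("[AutoRun]\n; constructed sample\nopen=setup\\launcher.exe\n"
              "icon=folder.ico\nshell\\open\\command=setup\\launcher.exe\n")
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "vaccinated", "suspicious"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "vaccinated", "Autorun.inf"))
        with open(os.path.join(base, "suspicious", "AUTORUN.INF"), "w") as fh:
            fh.write(sample)
        for label in ("clean", "vaccinated", "suspicious"):
            results[label] = check_drive_root(os.path.join(base, label))
    return results


if __name__ == "__main__":
    for label, (state, entries) in demo().items():
        print(label, state, entries)
```

On a real system, pass a drive root such as `E:\` to `check_drive_root`; an "autorun-file" result with launch entries on a removable drive is worth reviewing before the drive is opened in Explorer.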

    9. #9
      User fvelazquez11
      Joined
      Feb 2013
      Location
      mon
      Posts
      27

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      ############################## | UsbFix V 7.106 | [Deletion]

      User: francisco.velazquez (Administrator) # MM-MF10-NE0392
      Updated 12/02/2013 by El Desaparecido
      Started at 09:06:38 | 16/02/2013

      Website: SosVirus • Page d
      Contact: [email protected]

      PC: Dell Inc. (Precision M4400 ) (X86-based PC)
      CPU: Intel Pentium III Xeon processor (2526)
      RAM -> [Total : 3572 | Free : 2314]
      BIOS: Phoenix ROM BIOS PLUS Version 1.10 A25
      BOOT: Normal boot

      OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
      WB: Windows Internet Explorer 7.0.5730.13

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      FW: Windows FireWall Service [(!) Disabled]

      C:\ (%systemdrive%) -> Fixed drive # 68 Gb (17 Mb free - 25%) [] # NTFS
      D:\ -> Fixed drive # 81 Gb (2 Mb free - 2%) [] # NTFS
      E:\ -> CD-ROM

      ################## | Stopped processes |

      Stopped! C:\WINDOWS\system32\nvsvc32.exe (1632)
      Stopped! C:\Program Files\Windows Defender\MsMpEng.exe (2000)
      Stopped! C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (320)
      Stopped! C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1072)
      Stopped! C:\WINDOWS\system32\spoolsv.exe (1352)
      Stopped! c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe (1648)
      Stopped! C:\Program Files\LGEAD\ADAgentService.exe (856)
      Stopped! C:\Program Files\Motorola Scanner\Common\CoreScanner.exe (1364)
      Stopped! C:\Program Files\MarkAny\Document SAFER\DSH_Service.exe (1936)
      Stopped! C:\WINDOWS\limansvc.exe (452)
      Stopped! C:\WINDOWS\ImageSAFERSvc.exe (676)
      Stopped! C:\Program Files\Java\jre6\bin\jqs.exe (748)
      Stopped! C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (796)
      Stopped! C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (2172)
      Stopped! C:\WINDOWS\system32\ImageSAFERStart_X86.exe (2516)
      Stopped! C:\Program Files\MarkAny\Document SAFER\DSH_Loader.exe (2600)
      Stopped! C:\Program Files\Motorola Scanner\Common\HidKeyboardEmulator.exe (2056)
      Stopped! C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (2100)
      Stopped! C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe (2380)
      Stopped! C:\Program Files\Motorola Scanner\Common\RSMDriverProviderService.exe (3352)
      Stopped! C:\Program Files\Motorola Scanner\Common\ScannerService.exe (1704)
      Stopped! C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (2644)
      Stopped! C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (3072)
      Stopped! C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (2668)
      Stopped! C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (3260)
      Stopped! c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (3616)
      Stopped! C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (2440)
      Stopped! C:\Program Files\TightVNC\tvnserver.exe (2956)
      Stopped! C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe (2524)
      Stopped! C:\WWCNT\WWCSERVICE.EXE (896)
      Stopped! C:\WINDOWS\system32\CCM\CcmExec.exe (3384)
      Stopped! C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (1872)
      Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (1020)
      Stopped! C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (3952)
      Stopped! C:\WWCNT\SYSTEM\PMonitor.exe (5784)
      Stopped! C:\Program Files\Common Files\Symantec Shared\ccApp.exe (1444)
      Stopped! C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (4328)
      Stopped! C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (4936)
      Stopped! C:\Program Files\RocketDock\RocketDock.exe (5928)
      Stopped! C:\WINDOWS\system32\ctfmon.exe (2220)
      Stopped! C:\Program Files\i-Messenger UC\iMessengerUC.exe (4580)
      Stopped! C:\Program Files\Internet Explorer\iexplore.exe (5184)
      Stopped! C:\Program Files\Internet Explorer\iexplore.exe (2072)
      Stopped! C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (6092)
      Stopped! C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (7788)

      ################## | Files # Infected Folders |

      Deleted ! C:\DOCUME~1\lgemm\LOCALS~1\Temp\xmlUpdater.exe

      (!) Temporary files deleted.

      ################## | Registry |


      ################## | Mountpoints2 |

      Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fada2674-0781-11e2-8ab8-0ceee693b864}

      ################## | Listing |

      [07/12/2012 - 12:45:52 | SHD ] C:\$RECYCLE.BIN
      [26/09/2012 - 15:31:02 | N | 1024] C:\.rnd
      [31/07/2012 - 07:11:37 | D ] C:\895d056433ea3f7629d3
      [06/11/2012 - 20:19:46 | D ] C:\Accessory Program
      [11/09/2012 - 14:41:14 | N | 22] C:\ArchivosRelojes v5.14.5.zip
      [21/08/2012 - 10:33:23 | D ] C:\Autodesk
      [27/07/2012 - 16:11:30 | N | 0] C:\AUTOEXEC.BAT
      [02/02/2013 - 14:43:22 | N | 203] C:\boot.ini
      [31/07/2012 - 15:18:13 | N | 211] C:\boot_old.ini
      [12/11/2012 - 08:19:50 | D ] C:\Components
      [27/07/2012 - 16:11:30 | N | 0] C:\CONFIG.SYS
      [28/07/2012 - 08:03:04 | D ] C:\DELL
      [22/01/2013 - 07:32:03 | D ] C:\Documents and Settings
      [15/02/2013 - 14:55:34 | N | 22397] C:\eset-online-scanner.htm
      [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1028.txt
      [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1031.txt
      [07/11/2007 - 07:00:40 | N | 10134] C:\eula.1033.txt
      [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1036.txt
      [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1040.txt
      [07/11/2007 - 07:00:40 | N | 118] C:\eula.1041.txt
      [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1042.txt
      [07/11/2007 - 07:00:40 | N | 17734] C:\eula.2052.txt
      [07/11/2007 - 07:00:40 | N | 17734] C:\eula.3082.txt
      [30/07/2012 - 15:07:16 | D ] C:\Farpoint
      [07/11/2007 - 07:00:40 | N | 1110] C:\globdata.ini
      [21/09/2012 - 08:15:14 | D ] C:\HP LJ P4010 Series Printer
      [21/09/2012 - 08:15:03 | D ] C:\HP P4014n
      [07/11/2007 - 07:03:18 | N | 562688] C:\install.exe
      [07/11/2007 - 07:00:40 | N | 843] C:\install.ini
      [07/11/2007 - 07:03:18 | N | 76304] C:\install.res.1028.dll
      [07/11/2007 - 07:03:18 | N | 96272] C:\install.res.1031.dll
      [07/11/2007 - 07:03:18 | N | 91152] C:\install.res.1033.dll
      [07/11/2007 - 07:03:18 | N | 97296] C:\install.res.1036.dll
      [07/11/2007 - 07:03:18 | N | 95248] C:\install.res.1040.dll
      [07/11/2007 - 07:03:18 | N | 81424] C:\install.res.1041.dll
      [07/11/2007 - 07:03:18 | N | 79888] C:\install.res.1042.dll
      [07/11/2007 - 07:03:18 | N | 75792] C:\install.res.2052.dll
      [07/11/2007 - 07:03:18 | N | 96272] C:\install.res.3082.dll
      [28/07/2012 - 07:34:29 | D ] C:\Intel
      [27/07/2012 - 16:11:30 | N | 0] C:\IO.SYS
      [31/07/2012 - 10:56:24 | N | 26772] C:\LGEAD.log
      [16/01/2013 - 08:07:12 | D ] C:\LOG
      [11/02/2013 - 16:21:32 | D ] C:\MACROPRO
      [28/12/2012 - 14:58:24 | D ] C:\MES Source
      [12/02/2013 - 10:23:16 | D ] C:\MESLOG
      [05/02/2013 - 14:21:10 | N | 24576] C:\MESYNC.exe
      [16/08/2012 - 13:05:37 | N | 2099040] C:\MSDE2kLog.txt
      [27/07/2012 - 16:11:30 | N | 0] C:\MSDOS.SYS
      [30/07/2012 - 1153 | RHD ] C:\MSOCache
      [01/08/2012 - 18:16:54 | D ] C:\My Music
      [13/04/2008 - 17:00:00 | N | 47564] C:\NTDETECT.COM
      [13/04/2008 - 17:00:00 | N | 250048] C:\ntldr
      [01/11/2012 - 11:49:39 | D ] C:\OCX
      [31/07/2012 - 10:23:38 | D ] C:\orant
      [12/02/2013 - 08:37:37 | D ] C:\OWMS
      [15/02/2013 - 16:14:00 | ASH | 2145386496] C:\pagefile.sys
      [15/02/2013 - 16:27:51 | D ] C:\Program Files
      [31/07/2012 - 13:31:57 | SHD ] C:\RECYCLER
      [20/11/2012 - 20:24:36 | N | 587722] C:\REDETH-00223574-0042.EXE
      [11/09/2012 - 14:41:19 | N | 9782] C:\Semaforo.BLD
      [05/02/2013 - 12:16:39 | N | 55454464] C:\SpybotSD2.exe
      [02/02/2013 - 14:45:39 | SHD ] C:\System Volume Information
      [12/02/2013 - 11:57:46 | N | 316940] C:\Update_UsbFix.exe
      [16/02/2013 - 09:08:58 | D ] C:\UsbFix
      [16/02/2013 - 09:09:23 | A | 7714] C:\UsbFix [Clean 1] MM-MF10-NE0392.txt
      [07/11/2007 - 07:00:40 | N | 5686] C:\vcredist.bmp
      [28/09/2012 - 10:25:33 | D ] C:\WCH.CN
      [30/07/2012 - 14:59:51 | D ] C:\Win32App
      [15/02/2013 - 16:27:53 | D ] C:\WINDOWS
      [02/02/2013 - 14:45:02 | N | 5154304] C:\WindowsDefender.msi
      [13/08/2012 - 08:13:08 | D ] C:\WWCnt
      [15/02/2013 - 19:32:14 | D ] C:\WWNtuser
      [07/12/2012 - 12:45:54 | SHD ] D:\$RECYCLE.BIN
      [13/08/2012 - 13:33:06 | N | 48640] D:\2012.08.13 COM 2.xls
      [31/01/2013 - 08:57:37 | N | 55035] D:\2013-01-31.LOG
      [05/02/2013 - 06:56:06 | D ] D:\2013.02.05
      [17/01/2013 - 18:40:26 | N | 25458688] D:\AR1.MDB
      [17/01/2013 - 18:40:22 | N | 9930752] D:\AR2.MDB
      [30/07/2012 - 15:24:41 | D ] D:\Arranque
      [30/07/2012 - 15:24:49 | D ] D:\asd
      [05/11/2012 - 17:54:40 | D ] D:\Backup Amador
      [17/01/2013 - 18:40:25 | N | 22071296] D:\CallSign.MDB
      [18/12/2012 - 12:36:26 | N | 313689] D:\Cognex.pptx
      [08/01/2013 - 10:15:41 | N | 4847] D:\date.ADM
      [31/01/2013 - 18:07:24 | D ] D:\EMP01
      [31/01/2013 - 19:35:42 | N | 734003200] D:\EMP01.part1.rar
      [31/01/2013 - 19:17:42 | N | 730740886] D:\EMP01.part2.rar
      [26/09/2008 - 10:14:44 | N | 5703113] D:\END_WORK.mp3
      [16/08/2012 - 15:22:29 | D ] D:\Etime
      [10/01/2013 - 08:09:33 | D ] D:\FINALS
      [30/07/2012 - 15:24:50 | D ] D:\Lite
      [04/01/2013 - 16:24:42 | N | 12939] D:\logo.jpg
      [30/07/2012 - 15:24:54 | D ] D:\logos
      [30/07/2012 - 15:24:55 | D ] D:\LSE3090ST
      [04/05/2012 - 15:52:28 | N | 4388864] D:\Materiales.Lab
      [30/07/2012 - 15:25:46 | D ] D:\MM_MONITORING
      [30/07/2012 - 15:26:40 | D ] D:\NINTENDO
      [30/07/2012 - 15:26:44 | D ] D:\Package
      [30/07/2012 - 15:26:50 | D ] D:\RANGE LOG
      [31/07/2012 - 13:31:57 | SHD ] D:\RECYCLER
      [30/07/2012 - 15:26:53 | D ] D:\Reg Com
      [30/07/2012 - 15:26:53 | D ] D:\Reg Comp
      [30/07/2012 - 15:26:53 | D ] D:\Remote Shutdown
      [30/07/2012 - 15:26:57 | D ] D:\Reportes
      [31/07/2012 - 07:47:57 | SHD ] D:\System Volume Information
      [11/02/2013 - 18:34:19 | D ] D:\Temp
      [17/01/2013 - 18:37:05 | ASH | 6656] D:\Thumbs.db
      [15/02/2013 - 22:00:30 | D ] D:\Tools
      [14/02/2013 - 17:55:46 | D ] D:\USB Back
      [01/11/2012 - 08:01:44 | D ] D:\[MES] OCX Files
      [18/12/2012 - 14:59:14 | | 165] D:\~$Cognex.pptx
      [30/08/2012 - 09:26:31 | N | 610769] Z:\depends22_x86.zip
      [19/01/2012 - 12:07:40 | D ] Z:\LOG
      [26/07/2012 - 10:47:25 | D ] Z:\MM_Documents
      [19/01/2010 - 11:03:53 | D ] Z:\MM_SetUp
      [21/01/2013 - 18:35:31 | D ] Z:\MM_SourceDB
      [21/06/2011 - 07:45:54 | N | 91205835] Z:\MM_SourceDB_20110621.rar
      [28/09/2011 - 1720 | D ] Z:\MM_Source_Work
      [30/08/2012 - 09:44:56 | N | 1042] Z:\ppadaily.sql
      [10/10/2012 - 16:31:50 | D ] Z:\PPMsBoard
      [30/08/2012 - 11:01:44 | D ] Z:\SfxBar
      [30/08/2012 - 11:00:09 | N | 13159491] Z:\SfxBar.zip
      [03/01/2012 - 15:26:57 | ASH | 5632] Z:\Thumbs.db
      [30/08/2012 - 11:12:58 | N | 2918644] Z:\TopckitSetup.exe
      [26/09/2011 - 15:49:43 | D ] Z:\VS2008

      ################## | Vaccin |

      C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      Z:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

      ################## | E.O.F | SosVirus • Page d |

    10. #10
      Former Contributor Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15.747

      Re: Malwarebytes detects Backdoor.Agent.DCGen but does not remove it

      Hi,

      Open UsbFix and click Uninstall.

      1. Open Malwarebytes, go to the Update tab and update to the latest version and the latest database.
      2. Go to the Scanner tab and run a Full scan, selecting all the drives connected to your PC.
      3. Once it has finished, click "Show Results" and "Remove Selected" as shown in this image
      4. If it asks you to restart, restart.
      5. Paste us the Malwarebytes scan report after restarting; it is in the Logs tab.