Tengo virus! va el reporte de Kaspersky! (Solucionado)

Buscar

		Foro de Spyware » Spyware - Adware - Hijackers - Malwares » Temas Solucionados
Tengo virus! va el reporte de Kaspersky! (Solucionado)

InfoSpyware sortea una T-Shirts

Participa en el sorteo por una "Camiseta Oficial de InfoSpyware" gracias al amigo Enjuto Mojamuto

Para evitar Virus, Spyware y ventanas emergentes, en InfoSpyware recomendamos navegar con: FIREFOX

Temas Solucionados Casos de HijackThis y Malwares resueltos.
(Solo lectura)

Herramientas

post #1 (permalink)

10/08/06, 16:00:07

dieguillo

Usuario

Registrado: feb 2006

Ubicación: Argentina

Mensajes: 13

Tengo virus! va el reporte de Kaspersky! (Solucionado)

Hola simplemente para pedir ayuda! tengo virus y realicé un scan con Kaspersky online arrojando este resultado:

KASPERSKY ONLINE SCANNER REPORT
Thursday, August 10, 2006 4:24:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/08/2006
Kaspersky Anti-Virus database records: 201206

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 56931
Number of viruses found 15
Number of infected objects 44 / 0
Number of suspicious objects 0
Duration of the scan process 01:13:58

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Microsoft\Outlook\jjcarr1.NK2 Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Microsoft\Outlook\jjcarr1.srs Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\CD.CDX Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\CD.DBF Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\CDTRAX.CDX Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\CDTRAX.DBF Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\PLAYGRPS.CDX Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\PLAYGRPS.DBF Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\PLAYLIST.CDX Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\PLAYLIST.DBF Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\PLAYLIST.FPT Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\PLAYTRAX.CDX Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\PLAYTRAX.DBF Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\TRACKS.DBF Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\TRACKS.FPT Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\TRACKS2.CDX Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\TRAKINFO.CDX Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\db\TRAKINFO.DBF Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\ErrorLogs\CDBurning.log Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\ErrorLogs\GenDevices.log Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\ErrorLogs\pdgenctnomad.log Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\ErrorLogs\pdgenwmdm.log Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Real\RealPlayer\skins\data\normal\imgcache.da t Object is locked skipped

C:\Documents and Settings\jjcarr1\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temp\~DF86C8.tmp Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temp\~DF86D5.tmp Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temp\~DF9E90.tmp Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\My Documents\Outlook\Campaña 2006.pst Object is locked skipped

C:\Documents and Settings\jjcarr1\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\jjcarr1\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\Agents\InventoryRuleAgent\InventoryRuleCache .iad Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\PackageDownload\pkgdlvlk.tmp Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\Software Delivery\pkgdlvlk.tmp Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\Tasks\AeXTaskSchedulerLock\taskSchedulerLock .tmp Object is locked skipped

C:\Program Files\Trend Micro\OfficeScan Client\ConnLog\Conn_20060810.log Object is locked skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0026742.exe Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0026774.exe Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0027085.exe Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0031643.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0031956.exe Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032000.exe Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032053.exe Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032337.exe Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032396.exe Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032397.exe Infected: Trojan-Downloader.Win32.VB.afr skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032398.dll Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032399.dll Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032595.exe Infected: Trojan-Downloader.Win32.Small.dbx skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0032636.exe Infected: not-virus:Hoax.Win32.Renos.dk skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0033725.exe Infected: Trojan-Downloader.Win32.Small.ciw skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0035164.exe Infected: Trojan-Downloader.Win32.Small.dkt skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0039562.exe Infected: Trojan-Downloader.Win32.VB.ajp skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0039564.dll Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\ADOBEPNL.DLL Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\bvrgwncg.exe Infected: Trojan-Downloader.Win32.VB.aan skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\fjonudzw.exe Infected: Trojan-Downloader.Win32.Small.dkt skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\hbzdvmhx.exe Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\internetoloper.exe Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\iymhrpfe.exe Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\kptsplig.exe Infected: Trojan-Downloader.Win32.Small.dbx skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\mfxuhzoq.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\nfrjapps.exe Infected: Trojan-Downloader.Win32.Small.ciw skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\OFFICE_PNL.DLL Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\olocppos.exe Infected: Trojan-Downloader.Win32.Small.dbx skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\PARAD.RAW.EXE Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\poomszwe.exe Infected: Trojan-Downloader.Win32.VB.ajp skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\qjrkvy.exe Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\taskdir.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\taskdir~.exe Infected: SpamTool.Win32.Agent.g skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\tidgzasf.exe Infected: Trojan-Downloader.Win32.VB.afr skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\users32.exe Infected: not-virus:Hoax.Win32.Renos.dk skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\uvzqcxft.mrj Infected: Trojan-Clicker.Win32.Small.js skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\uvzuxtcl.exe Infected: Packed.Win32.Tibs skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\uwmmuryq.exe Infected: Trojan-Downloader.Win32.VB.afr skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\winflash.dll Infected: not-virus:Hoax.Win32.Renos.dm skipped

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\wqshmodl.exe Infected: Packed.Win32.Tibs skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\biifjjgk.exe Infected: Trojan-Downloader.Win32.Small.din skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\msmq\storage\l0000001.mq Object is locked skipped

C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped

C:\WINDOWS\system32\phqghume.exe Infected: Packed.Win32.Tibs skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\ykufkonj.exe Infected: Trojan-Downloader.Win32.Small.cjk skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

post #2 (permalink)

10/08/06, 17:52:47

matlock1985 matlock1985 está offline

Usuario

Registrado: may 2006

Ubicación: Argentina

Mensajes: 519

Re: Tengo virus! va el reporte de Kaspersky!

Hola!
Hace 2 escaneos, en ewido y en Panda q t van a desinfectar la mayoria:
http://www.ewido.net/en/onlinescan/
http://www.pandasoftware.es/productos/activescan.htm

Luego nos pegas el reporte q generen.

PAsa el DiskCleaner para limpiar archivos temporales http://www.forospyware.com/attachmen...e?d=1139350886
Saludos

Última edición por matlock1985 fecha: 10/08/06 a las 17:55:14.

post #3 (permalink)

10/08/06, 21:55:19

Lalets

Usuario

Registrado: abr 2006

Ubicación: --

Mensajes: 1.834

Re: Tengo virus! va el reporte de Kaspersky!

mejor realiza lo siguiente:

apaga restaurar el sistema

ver archivos ocultos

reinicia en modo a prueba de fallos

busca y elimina:

C:\WINDOWS\system32\biifjjgk.exe

C:\WINDOWS\system32\ykufkonj.exe

C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT<---en este caso lo que haya adentro de esa carpeta o si el antivirus Trend micro te trae la opcion de limpiar su carentena hazlo desde alli

pasa el disk cleaner para limpiar cookies y temporales

utiliza el regseeker+manual para limpiar el registro

deshaz el paso uno y reinicia en modo normal, luego vuelve a escanear tu pc con el ewido y el kaspersky online y peganos el reporte del kaspersky y de lo que no te elimine el ewido, que creo que ya estarias limpio, comenta como sigue tu pc...

salu2

post #4 (permalink)

18/08/06, 08:16:01

dieguillo

Usuario

Registrado: feb 2006

Ubicación: Argentina

Mensajes: 13

Re: Tengo virus! va el reporte de Kaspersky!

________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\CLSID\{a2595f37-48d0-46a1-9b51-478591a97764}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a2595f37-48d0-46a1-9b51-478591a97764}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}
Risk: Medium

Name: Adware.IntCodec
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Explorer Security Plugin 2006
Risk: Medium

Name: Adware.IntCodec
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Security Add-On
Risk: Medium

Name: Adware.IntCodec
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Public Messenger ver 2.03
Risk: Medium

Name: Adware.IntCodec
Path: HKU\S-1-5-21-832845451-1414544425-794563710-11207\Software\Internet Security
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-832845451-1414544425-794563710-11207\Software\Microsoft\Windows\CurrentVersion\Ex t\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-832845451-1414544425-794563710-11207\Software\Microsoft\Windows\CurrentVersion\Ex t\Stats\{A2595F37-48D0-46A1-9B51-478591A97764}
Risk: Medium

Name: Trojan.Small
Path: C:\Program Files\Media-Codec
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\iesplugin.dll
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\iesuninst.exe
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\isaddon.dll
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\isamini.exe
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\isamonitor.exe
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\isauninst.exe
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\ot.ico
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\pmmon.exe
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\pmsngr.exe
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\pmuninst.exe
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\ts.ico
Risk: High

Name: Trojan.Small
Path: C:\Program Files\Media-Codec\uninst.exe
Risk: High

Name: Downloader.Obfuscated.n
Path: C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe
Risk: High

Este es el reporte del Ewido. Sigo con molestas publicitarias a pesar de hacer lo que me dijeron! . Slds y Gracias!!!!

post #5 (permalink)

18/08/06, 14:19:21

matlock1985 matlock1985 está offline

Usuario

Registrado: may 2006

Ubicación: Argentina

Mensajes: 519

Re: Tengo virus! va el reporte de Kaspersky!

Hola
Si es q no lo hiciste, Recuerda eliminar lo q t encontro el ewido.
Vi q tienes el Media-Codec yo lo tuve anteriormente y lo elimine con el Spybot q t lo detecta. A mi me sirvio, asi q espero q a vos tambien. si no t lo limpia nos avisas y t informamos los nuevos pasos a seguir.
T recomiendo q t lo descargues y tambien el SpywareBlaster para tener la pc protegida, estan aca:Anti-Spywares - Info Spyware
Actualizalos y luego hace un escaneo con el Spybot. t dejo los manuales:
Manual de SpyBot S&D en español
Manual de SpywareBlaster en Español

Cita:

Este es el reporte del Ewido. Sigo con molestas publicitarias a pesar de hacer lo que me dijeron! . Slds y Gracias!!!!

Q tipo de publicidad es la q t aparece??? es de casinos??. cuentanos asi t damos nuevos pasos a seguir

Despues nos cuentas como t fue
Saludos

Última edición por matlock1985 fecha: 18/08/06 a las 14:23:16.

post #6 (permalink)

18/08/06, 14:31:28

<¡D3vIL!>

Warrior

Registrado: may 2006

Ubicación: <¡ChiL3!>

Mensajes: 6.593

Re: Tengo virus! va el reporte de Kaspersky!

hola dieguillo

Descargate DelPSGuard.zip pero no lo ejecutes aún.

Hace lo siguiente:

Apaga Restaurar Sistema

Ver archivos ocultos

Reinicia a prueba de fallos

Ve a Inicio->Ejecutar->Escribes->Regedit->Apretas enter y elimina las siguientes entradas:

HKLM\SOFTWARE\Classes\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}

HKLM\SOFTWARE\Classes\CLSID\{a2595f37-48d0-46a1-9b51-478591a97764}

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a2595f37-48d0-46a1-9b51-478591a97764}

Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}

HKU\S-1-5-21-832845451-1414544425-794563710-11207\Software\Microsoft\Windows\CurrentVersion\Ex t\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}

HKU\S-1-5-21-832845451-1414544425-794563710-11207\Software\Microsoft\Windows\CurrentVersion\Ex t\Stats\{A2595F37-48D0-46A1-9B51-478591A97764}

Ve a Panel de Control/ Agregar o Quitar Programas y desinstala este programa si existe:

Media-Codec

Busca y elimina estos archivos y/o carpetas,Para archivos que no se dejen eliminar usa KillBox

Le vas poniendo que NO a reiniciar

C:\Program Files\Media-Codec\->Borra la carpeta con todo el contenido.

C:\WINDOWS\Downloaded Program Files\gdnUS2218.exe

-Sin reiniciar,Pasa estas herramientas:

-SpyBot Search & Destroy 1.4 Actualizados

-Ad-Aware 1.06 SE Personal Actualizado

-Ccleaner+Manual para limpiar cookis y temporales.

-RegSeeker+Manual para limpiar el registro de Windows.

-Ejecutas DelPSGuard

-Reinicias el pc normal

-Instálate el SpywareBlaster 3.4 Manual

-Elimina todas las cuarentenas que tengas y vacia la papelera tambien.

Pasa dos de estos Antivirus Online (ewido y kaspersky) y nos comentas si te detectaron algo o no. Si hay algo que te detecten nos pegas el reporte que te generen.

-Deshaz los pasos 1 y 2.

salu2

Recuerda volver y contarnos los resultados

<¡D3ViL!>

Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog

* Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando.
* Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !!
* No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

Última edición por <¡D3vIL!> fecha: 18/08/06 a las 14:40:08.

post #7 (permalink)

25/09/06, 14:55:30

dieguillo

Usuario

Registrado: feb 2006

Ubicación: Argentina

Mensajes: 13

Re: Tengo virus! va el reporte de Kaspersky!

Gente, la verdad hice todo lo que me dijeron... algo mejoro pero sigue apareciendo un mensaje que dice que mi pc ''está infectada si quiero instalar un antiespias...'' va un nuevo reporte Kaspersky. (ojo lo que dice que tiene virus en este reporte ya lo borré, pero siguen las molestias!)

KASPERSKY ONLINE SCANNER REPORT
Friday, September 22, 2006 5:13:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/09/2006
Kaspersky Anti-Virus database records: 212493

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 58901
Number of viruses found 2
Number of infected objects 5 / 0
Number of suspicious objects 0
Duration of the scan process 01:43:29

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Microsoft\Outlook\jjcarr1.NK2 Object is locked skipped

C:\Documents and Settings\jjcarr1\Application Data\Microsoft\Outlook\jjcarr1.srs Object is locked skipped

C:\Documents and Settings\jjcarr1\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\150f5af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\23d0dbf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\6766aff6.exe Infected: Trojan.Win32.Dialer.ay skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\b72d5c3e.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\History\History.IE5\MSHist012006092220060 923\index.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temp\~DF1B35.tmp Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temp\~DF1B3E.tmp Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temp\~DF70E5.tmp Object is locked skipped

C:\Documents and Settings\jjcarr1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jjcarr1\My Documents\Outlook\Campaña 2006.pst Object is locked skipped

C:\Documents and Settings\jjcarr1\My Documents\Outlook\ENERO-2005.pst Object is locked skipped

C:\Documents and Settings\jjcarr1\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\jjcarr1\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\Agents\InventoryRuleAgent\InventoryRuleCache .iad Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\PackageDownload\pkgdlvlk.tmp Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\Software Delivery\pkgdlvlk.tmp Object is locked skipped

C:\Program Files\Altiris\Altiris Agent\Tasks\AeXTaskSchedulerLock\taskSchedulerLock .tmp Object is locked skipped

C:\Program Files\Trend Micro\OfficeScan Client\ConnLog\Conn_20060922.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\b72d5c3e.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\msmq\storage\l0000001.mq Object is locked skipped

C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

post #8 (permalink)

25/09/06, 15:09:35

lifo

Usuario Habitual

Registrado: abr 2006

Ubicación: España

Mensajes: 1.423

Re: Tengo virus! va el reporte de Kaspersky!

Hola amigo!!! Para eliminar el TrojanDownloader.Win32.Obfuscated sigue los pasos que se te muestran en el siguiente enlace TrojanDownloader.Busky.AR. Descarga otros malwares y para el dialer haz lo que te pone aquí Dialer.AY. Modifica la configuración del módem. Tampoco estaría demás que te bajases el CCleaner e hicieses una limpieza de archivos temporales. Saludos

Última edición por lifo fecha: 25/09/06 a las 15:12:25.

post #9 (permalink)

04/10/06, 10:17:47

dieguillo

Usuario

Registrado: feb 2006

Ubicación: Argentina

Mensajes: 13

Re: Tengo virus! va el reporte de Kaspersky!

OK MUCHAS GRACIAS!!! problema solucionado! la máquina funciona correctamente!

post #10 (permalink)

04/10/06, 11:33:01

Lalets

Usuario

Registrado: abr 2006

Ubicación: --

Mensajes: 1.834

Re: Tengo virus! va el reporte de Kaspersky!

hola, bueno como dices damos el tema por solucionado, pero agredeceriamos que nos regales tu voto aca:

InfoSpyware para el arroba de oro

salu2

« Tema Anterior | Próximo Tema »

Herramientas
Mostrar Versión Imprimible Enviar por Correo

Reglas del foro
No puedes crear nuevos temas No puedes responder temas No puedes subir adjuntos No puedes editar tus mensajes BB code is activado Las caritas están activado Código [IMG] está activado Código HTML está desactivado Trackbacks está desactivado Pingbacks está desactivado Refbacks está desactivado

Temas Similares

Tema	Autor	Foro	Respuestas	Último mensaje
no tengo dispositivo de audio..	blezzer	Foro de Hardware	3	12/09/07 21:26:27
Zulú, virus made in Argentina (entrevista a fondo)	skiavi	Off-Topic	6	16/12/06 03:15:56
cambiar el predeterminado de internet	jvicsan	Foro de Software	10	28/09/06 12:29:00
Problemas varios derivados de Spyware: creo que tengo un virus (Solucionado)	xaneme	Temas Solucionados	10	07/01/06 19:48:34
No consigo eliminar Look2Me, y otros problemas (solucionado)	SeteSete	Temas Solucionados	14	05/12/05 14:52:22

Todas las horas son GMT -4. La hora es 22:34:48.

InfoSpyware es miembro de ASAP - Alliance of Security Analysis Professionals