Closed thread

post #1
06/09/06, 23:53:27
User

Joined: Sep 2006
Location: Argentina
Posts: 10
Question: I can't remove the Trojan Horse Dropper Agent.BQR

I scan the PC with AVG and it tells me I have Trojan Horse Dropper.Agent.BQR in Shell32.exe, and I can't clean it or delete it. What do I have to do to clean it? I'd appreciate some help.
post #2
07/09/06, 00:01:07
Fulgore
Former Collaborator

Joined: Jun 2006
Location: Colombia (Medellín)
Posts: 1,315
Re: I can't remove the Trojan Horse Dropper Agent.BQR

Greetings and welcome to forospyware. Try following these steps:

- Turn off the System Restore option if you have Windows ME or XP.
- Boot into Safe Mode
  1. - Scan with:

    Spybot S&D, updated
    Ad-aware, updated (FULL SCAN)
    Spysweeper

  2. - Without leaving Safe Mode:

    Run CCleaner.
    Clean the registry with RegSeeker (clean registry option).

  3. - Boot in normal mode and scan with:
    Ewido On-Line
    Kaspersky online.

    Paste the logs the antivirus programs generate here.

    If you have any trouble running the online antivirus scans above, you can use the tool
    MWAV. Read its manual carefully (it's right there)
    and paste its log correctly (if necessary).

We'll be watching


post #3
07/09/06, 17:48:47
User

Joined: Sep 2006
Location: Argentina
Posts: 10
Re: I can't remove the Trojan Horse Dropper Agent.BQR

Well, first of all I want to thank you for the reply, but I'd need help knowing which files to delete, because a lot of them come up and I don't want to make the problem worse, so below I'll paste the logs that came up in the scans:

First I scanned with Spybot, with the following log:


Network Monitor: Servicio del sistema (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Network Monitor

Connect MFC Application: Carpeta de programa (Carpeta, nothing done)
C:\WINDOWS\Temp\IAUninstall\

CoolWWWSearch: Configuración (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access

CoolWWWSearch: Página de búsqueda de IE (Cambio en el registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Main\Search Page=about:blank

CoolWWWSearch: Página de búsqueda de IE (Cambio en el registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch: Página de búsqueda de IE (Cambio en el registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Main\Default_Search_URL=about:blank

CoolWWWSearch: Página de búsqueda de IE (Cambio en el registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL=about:blank

CoolWWWSearch: Página de búsqueda de IE (Cambio en el registro, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page=about:blank

CoolWWWSearch: Página de búsqueda de IE (Cambio en el registro, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

Command Service: Datos (Archivo, nothing done)
C:\windows\newname.dat

Command Service: Configuración de autoejecución (Valor del registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newname

DyFuCA: Clase raíz (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\DyFuCA_BH.SinkObj

DyFuCA.InternetOptimizer: Ejecutable (Archivo, nothing done)
C:\Documents and Settings\PC\Configuración local\Temp\cfout.txt

DyFuCA.InternetOptimizer: Datos (Archivo, nothing done)
C:\Documents and Settings\PC\Configuración local\Temp\cfin

DyFuCA.InternetOptimizer: Configuración (Clave del registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\Policies\Avenue Media

MagicControl.Agent: Biblioteca (Archivo, nothing done)
C:\WINDOWS\system32\msegcompid.dll

MagicControl.Agent: Configuración del usuario (Valor del registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\mc\SA

Rotue: Configuración de desinstalación (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue

Smitfraud-C.: Configuración (Valor del registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Smitfraud-C.: Configuración (Valor del registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}

Smitfraud-C.: Datos (Archivo, nothing done)
c:\windows\drsmartload2.dat

Hotbar: Barra de herramientas d IE (Valor del registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

Network Monitor: Servicio del sistema (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor

Network Monitor: Servicio del sistema (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor

Network Monitor: Carpeta de programa (Carpeta, nothing done)
C:\Documents and Settings\LocalService\Datos de programa\NetMon\

Network Monitor: Carpeta de programa (Carpeta, nothing done)
C:\Archivos de programa\Network Monitor\

NewDotNet: Configuración del usuario (Clave del registro, nothing done)
HKEY_USERS\.DEFAULT\Software\new.net

NewDotNet: Configuración del usuario (Clave del registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\new.net

NewDotNet: Configuración del usuario (Clave del registro, nothing done)
HKEY_USERS\S-1-5-18\Software\new.net

UCmore: Configuración del usuario (Clave del registro, nothing done)
HKEY_USERS\S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E}

UCmore: Grupo de programa (Carpeta, nothing done)
C:\Archivos de programa\TheSearchAccelerator\

webHancer: Configuración global (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\Software\webHancer

WhenU.Search.Desktoptoolbar: Clase raíz (Clave del registro, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\WUSN.1

Win32.AdvertMen: Configuración (Clave del registro, nothing done)
HKEY_CLASSES_ROOT\CLSID\{0288B94B-0288-B94B-0288-B94B0288B94B}

Windows AdTools: Datos (Archivo, nothing done)
C:\WINDOWS\system32\ide21201.vxd

HitBox: Cookie de seguimiento (Internet Explorer: PC) (Cookie, nothing done)

DoubleClick: Cookie de seguimiento (Internet Explorer: PC) (Cookie, nothing done)

Avenue A, Inc.: Cookie de seguimiento (Internet Explorer: PC) (Cookie, nothing done)

MediaPlex: Cookie de seguimiento (Internet Explorer: PC) (Cookie, nothing done)

CasinoPopupStuff: Cookie de seguimiento (Internet Explorer: PC) (Cookie, nothing done)

FastClick: Cookie de seguimiento (Internet Explorer: PC) (Cookie, nothing done)

CasinoPopupStuff: Cookie de seguimiento (Internet Explorer: PC) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-07 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-01 Includes\Cookies.sbi (*)
2006-09-01 Includes\Dialer.sbi (*)
2006-09-01 Includes\Hijackers.sbi (*)
2006-09-01 Includes\Keyloggers.sbi (*)
2006-09-01 Includes\Malware.sbi (*)
2006-09-01 Includes\PUPS.sbi (*)
2006-09-01 Includes\Revision.sbi (*)
2006-09-01 Includes\Security.sbi (*)
2006-09-01 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-09-01 Includes\Trojans.sbi (*)

After that I scanned with Ad-Aware, but I'll put the log in the next reply because the character limit won't allow it.

La Parca
post #4
07/09/06, 18:00:25
User

Joined: Sep 2006
Location: Argentina
Posts: 10
Re: I can't remove the Trojan Horse Dropper Agent.BQR

After that, I scanned with Ad-Aware, with the following log:
Ad-Aware SE Build 1.06r1
Logfile Created on:Jueves, 07 Septiembre de 2006
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R121 28.08.2006

References detected during the scan:
DyFuCA(TAC index:3):3 total references
EzuLa(TAC index:6):2 total references
MRU List(TAC index:0):17 total references
NavExcel(TAC index:7):1 total references
Possible Browser Hijack attempt(TAC index:3):5 total references
Tracking Cookie(TAC index:3):31 total references
WebHancer(TAC index:9):1 total references
WinAD(TAC index:7):18 total references

Ad-Aware SE Settings
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


07-09-2006 15:51:07 - Scan started. (Smart mode)
Listing running processes
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 372
ThreadCreationTime : 07-09-2006 18:38:24
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 444
ThreadCreationTime : 07-09-2006 18:38:28
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 07-09-2006 18:38:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 07-09-2006 18:38:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 640
ThreadCreationTime : 07-09-2006 18:38:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 07-09-2006 18:38:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spysweeper.exe]
FilePath : C:\Archivos de programa\eMule\Incoming\Webroot\Spy Sweeper\
ProcessID : 1024
ThreadCreationTime : 07-09-2006 18:38:40
BasePriority : Normal
FileVersion : 3,0,5,1286
ProductVersion : 3, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Engine
LegalCopyright : Copyright (C) 2002 - 2006, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1224
ThreadCreationTime : 07-09-2006 18:38:47
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation.
OriginalFilename : EXPLORER.EXE

#:9 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1532
ThreadCreationTime : 07-09-2006 18:43:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Bloc de notas
InternalName : Notepad
LegalCopyright : © Microsoft Corp. Reservados todos los derechos.
OriginalFilename : NOTEPAD.EXE

#:10 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1632
ThreadCreationTime : 07-09-2006 18:50:54
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
New critical objects: 0
Objects found so far: 0


Started registry scan
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0288b94b-0288-b94b-0288-b94b0288b94b}

EzuLa Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0288b94b-0288-b94b-0288-b94b0288b94b}
Value : nMUBBihSjM

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment : MediaPass
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1275210071-261903793-725345543-1003\software\policies\avenue media

WebHancer Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\webhancer

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access
Value : track

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access
Value : LastUpdate

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access
Value : reqcount

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access
Value : DownloadPath

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access
Value : Language

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access
Value : SoftwareTable

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\media access
Value : Request

WinAD Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media access

WinAD Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media access
Value : DisplayName

Registry Scan result:
New critical objects: 22
Objects found so far: 22


Started deep registry scan
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 8
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 8
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\MainSearch Page.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 8
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\MainSearch Bar.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 8
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\MainDefault_Search_URL.findthewebsiteyouneed.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 8
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1275210071-261903793-725345543-1003\Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://searchbar.findthewebsiteyouneed.com"

Deep registry scan result:
New critical objects: 5
Objects found so far: 27

NavExcel Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {5aa06644-bc46-4220-a460-47a6eb47c96d}


Started Tracking Cookie scan
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:45
Value : Cookie:pc@jedonkey.cjt1.net/HTM/307/0
Expires : 25-06-2007 20:01:10
LastSync : Hits:45
UseCount : 0
Hits : 45

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:29
Value : Cookie:pc@as1.falkag.de/
Expires : 17-06-2006 13:06:20
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc@hitbox.com/
Expires : 25-05-2006 12:56:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@2o7[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:pc@2o7.net/
Expires : 04-09-2011 00:55:02
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@count.xhit[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:pc@count.xhit.com/
Expires : 26-04-2007 10:33:32
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:pc@findwhat.com/
Expires : 31-12-2019 21:00:02
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:pc@doubleclick.net/
Expires : 16-05-2009 17:12:52
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:74
Value : Cookie:pc@atdmt.com/
Expires : 08-05-2011 21:00:00
LastSync : Hits:74
UseCount : 0
Hits : 74

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:pc@~~local~~/
Expires : 26-07-2006 13:22:16
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@www.globaladvertisingservices[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:pc@www.globaladvertisingservices.info/
Expires : 18-09-2006 15:01:22
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@pro-market[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:46
Value : Cookie:pc@pro-market.net/
Expires : 31-05-2030 21:00:00
LastSync : Hits:46
UseCount : 0
Hits : 46

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:pc@mediaplex.com/
Expires : 21-06-2009 21:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:pc@statcounter.com/
Expires : 29-06-2011 06:41:32
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@c5.zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:pc@c5.zedo.com/
Expires : 13-07-2006 02:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@qksrv[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc@qksrv.net/
Expires : 06-05-2011 00:01:54
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@banner.casinolasvegas[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc@banner.casinolasvegas.com/
Expires : 11-07-2006 15:03:32
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:pc@fastclick.net/
Expires : 11-07-2008 13:23:30
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@adserver.terra[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:pc@adserver.terra.com/
Expires : 05-06-2074 16:30:36
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:51
Value : Cookie:pc@zedo.com/
Expires : 14-05-2016 11:42:54
LastSync : Hits:51
UseCount : 0
Hits : 51

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@casinolasvegas[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc@casinolasvegas.com/
Expires : 11-07-2006 15:03:32
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc@apmebf.com/
Expires : 06-05-2011 00:01:52
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:pc@tribalfusion.com/
Expires : 31-12-2037 21:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc@tradedoubler.com/
Expires : 25-06-2026 08:27:10
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\PC\Cookies\pc@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@www.globaladvertisingservices[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\PC\Cookies\pc@www.globaladvertisingservices[1].txt

Tracking cookie scan result:
New critical objects: 25
Objects found so far: 53

Deep scanning and examining files...

Disk Scan Result for C:\WINDOWS
New critical objects: 0
Objects found so far: 53

Disk Scan Result for C:\WINDOWS\system32
New critical objects: 0
Objects found so far: 53

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\PC\CONFIG~1\Temp\Cookies\pc@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\PC\CONFIG~1\Temp\Cookies\pc@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\PC\CONFIG~1\Temp\Cookies\pc@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@findwhat[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\PC\CONFIG~1\Temp\Cookies\pc@findwhat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@www.globaladvertisingservices[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\PC\CONFIG~1\Temp\Cookies\pc@www.globaladvertisingservices[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc@~~local~~[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\PC\CONFIG~1\Temp\Cookies\pc@~~local~~[1].txt

Disk Scan Result for C:\DOCUME~1\PC\CONFIG~1\Temp\
New critical objects: 0
Objects found so far: 59

Hosts file scan result:
0 entries scanned.
New critical objects:0
Objects found so far: 59

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\typedurls
Description: list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions

MRU List Object Recognized!
Location: : S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Performing conditional scans...
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\rotue

WinAD Object Recognized!
Type : File
Data : ide21201.vxd
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\system32\


Conditional scan result:
New critical objects: 2
Objects found so far: 78

15:53:08 Scan Complete

Summary Of This Scan
Total scanning time:00:02:01.172
Objects scanned:92426
Objects identified:61
Objects ignored:0
New critical objects:61

And I still have the problem, since I don't know what I have to delete. I scanned with all the programs you indicated and I have all the logs, which I'll post in separate replies because of the character limit.

La Parca
  post #5 (permalink)  
Old 07/09/06, 18:06:55
User
 
Joined: Sep 2006
Location: Argentina
Posts: 10
Re: I can't remove the Trojan Horse Dropper Agent. BQR

Then I scanned with Spy Sweeper, with the following log:

16:07: Traces Found: 460
16:07: Full Sweep has completed. Elapsed time 00:12:25
16:07: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\exts\{8e09cb72-3143-4414-a1c2-63e9c0438472}\ (ID = 1591156)
16:07: HKLM\software\microsoft\office\outlook\addins\outlookaddin.addin\ (ID = 1591161)
16:07: HKLM\software\classes\outlookaddin.addin.1\ (ID = 1591159)
16:07: HKLM\software\classes\outlookaddin.addin\ (ID = 1591158)
16:07: HKCR\outlookaddin.addin.1\ (ID = 1591154)
16:07: HKCR\outlookaddin.addin\ (ID = 1591153)
16:07: File Sweep Complete, Elapsed Time: 00:11:13
16:07: Warning: Failed to access drive E:
16:07: Warning: Failed to access drive D:
16:03: mediaaccc.dll (ID = 90383)
16:03: mediaaccess.exe (ID = 90396)
15:56: hbtools (110 subtraces) (ID = 2147486417)
15:56: shopperreports (4 subtraces) (ID = 2147486420)
15:56: hbtools (9 subtraces) (ID = 2147486417)
15:56: save (ID = 2147486918)
15:56: shopperreports (239 subtraces) (ID = 2147486420)
15:56: thesearchaccelerator (ID = 2147486237)
15:56: Found Adware: effective-i toolbar
15:56: network monitor (ID = 2147507525)
15:56: Starting File Sweep
15:56: Warning: Failed to access drive A:
15:56: Cookie Sweep Complete, Elapsed Time: 00:00:01
15:56: pc@zedo[2].txt (ID = 3762)
15:56: pc@www.ademails[1].txt (ID = 2066)
15:56: Found Spy Cookie: ademails.com cookie
15:56: pc@tribalfusion[1].txt (ID = 3589)
15:56: Found Spy Cookie: tribalfusion cookie
15:56: pc@tradedoubler[2].txt (ID = 3575)
15:56: Found Spy Cookie: tradedoubler cookie
15:56: pc@tacoda[1].txt (ID = 6444)
15:56: Found Spy Cookie: tacoda cookie
15:56: pc@statcounter[1].txt (ID = 3447)
15:56: Found Spy Cookie: statcounter cookie
15:56: pc@qksrv[2].txt (ID = 3213)
15:56: Found Spy Cookie: qksrv cookie
15:56: pc@pro-market[1].txt (ID = 3197)
15:56: Found Spy Cookie: pro-market cookie
15:56: pc@msnportal.112.2o7[1].txt (ID = 1958)
15:56: pc@monstermarketplace[1].txt (ID = 3006)
15:56: Found Spy Cookie: monstermarketplace cookie
15:56: pc@mediaplex[1].txt (ID = 6442)
15:56: Found Spy Cookie: mediaplex cookie
15:56: pc@findwhat[1].txt (ID = 2674)
15:56: Found Spy Cookie: findwhat cookie
15:56: pc@fastclick[2].txt (ID = 2651)
15:56: Found Spy Cookie: fastclick cookie
15:56: pc@count.xhit[2].txt (ID = 3714)
15:56: Found Spy Cookie: xhit cookie
15:56: pc@c5.zedo[2].txt (ID = 3763)
15:56: Found Spy Cookie: zedo cookie
15:56: pc@azjmp[2].txt (ID = 2270)
15:56: Found Spy Cookie: azjmp cookie
15:56: pc@atdmt[2].txt (ID = 2253)
15:56: Found Spy Cookie: atlas dmt cookie
15:56: pc@as1.falkag[1].txt (ID = 2650)
15:56: Found Spy Cookie: falkag cookie
15:56: pc@apmebf[2].txt (ID = 2229)
15:56: Found Spy Cookie: apmebf cookie
15:56: pc@adopt.hbmediapro[1].txt (ID = 2768)
15:56: Found Spy Cookie: hbmediapro cookie
15:56: pc@ad.yieldmanager[2].txt (ID = 3751)
15:56: Found Spy Cookie: yieldmanager cookie
15:56: pc@2o7[3].txt (ID = 1957)
15:56: pc@2o7[2].txt (ID = 1957)
15:56: Found Spy Cookie: 2o7.net cookie
15:56: pc@0[2].txt (ID = 3282)
15:56: Found Spy Cookie: sandboxer cookie
15:56: Starting Cookie Sweep
15:56: Registry Sweep Complete, Elapsed Time:00:00:18
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\180search assistant\ (ID = 972193)
15:56: Found Adware: 180search assistant/zango
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\toolbar\shellbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 685412)
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {5aa06644-bc46-4220-a460-47a6eb47c96d} (ID = 135541)
15:56: Found Adware: navexcel navhelper
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\policies\avenue media\ (ID = 128928)
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\instafin\ (ID = 128665)
15:56: Found Adware: instafinder
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\main\ || search page (ID = 125238)
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
15:56: HKU\S-1-5-21-1275210071-261903793-725345543-1003\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\microsoft\installer\products\d493500bd4a54ea6bc805fc9cda952c5\ (ID = 788008)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\microsoft\installer\features\10b0642b36134f8f914ea8e11ee5b503\ (ID = 788006)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\microsoft\internet explorer\toolbar\shellbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 685412)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\shopperreports\ (ID = 127631)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)
15:56: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-1006\software\hbtools\ (ID = 127563)
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 818746)
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\microsoft\installer\products\d493500bd4a54ea6bc805fc9cda952c5\ (ID = 788008)
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\microsoft\installer\features\10b0642b36134f8f914ea8e11ee5b503\ (ID = 788006)
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\microsoft\internet explorer\toolbar\shellbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 685412)
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\avenue media\ (ID = 128887)
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\shopperreports\ (ID = 127631)
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\hbtools\ (ID = 127563)
15:55: Found Adware: hotbar
15:55: HKLM\software\classes\typelib\{5bad7fae-81f0-4439-8c1a-3e8907998047}\ (ID = 1591160)
15:55: HKLM\software\classes\clsid\{180b4ee9-1795-4429-9651-f17a6515726d}\ (ID = 1591157)
15:55: HKCR\typelib\{5bad7fae-81f0-4439-8c1a-3e8907998047}\ (ID = 1591155)
15:55: HKCR\clsid\{180b4ee9-1795-4429-9651-f17a6515726d}\ (ID = 1591152)
15:55: Found Trojan Horse: trojan-backdoor-egroup
15:55: HKLM\software\microsoft\windows\currentversion\run\ || keyboard (ID = 1558789)
15:55: HKLM\system\controlset001\enum\root\legacy_cmdservice\ (ID = 1556665)
15:55: HKLM\software\classes\clsid\{ba749bc1-143e-430d-b1da-1d2af67a3658}\ (ID = 1030417)
15:55: HKCR\clsid\{ba749bc1-143e-430d-b1da-1d2af67a3658}\ (ID = 1030412)
15:55: Found Adware: instant access
15:55: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID = 1016072)
15:55: Found Adware: command
15:55: HKLM\software\classes\wusn.1\ (ID = 635554)
15:55: HKCR\wusn.1\ (ID = 635412)
15:55: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (ID = 147244)
15:55: HKLM\software\microsoft\windows\currentversion\uninstall\media access\ (ID = 147230)
15:55: HKLM\software\microsoft\windows\currentversion\run\ || media access (ID = 147202)
15:55: HKLM\software\media access\ (ID = 147182)
15:55: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (ID = 147176)
15:55: HKLM\software\classes\mediaaccess.installer\ (ID = 147171)
15:55: HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (ID = 147167)
15:55: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (ID = 147165)
15:55: HKLM\software\classes\appid\loaderx.exe\ (ID = 147164)
15:55: HKCR\mediaaccess.installer\ (ID = 147157)
15:55: HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (ID = 147153)
15:55: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (ID = 147151)
15:55: HKCR\appid\loaderx.exe\ (ID = 147150)
15:55: Found Adware: winad
15:55: HKLM\software\webhancer\ (ID = 146278)
15:55: Found Adware: webhancer
15:55: HKCR\wusn.1\ (ID = 140463)
15:55: Found Adware: whenu savenow
15:55: HKCR\dyfuca_bh.sinkobj\ (ID = 135178)
15:55: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
15:55: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
15:55: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
15:55: Found Adware: findthewebsiteyouneed hijack
15:55: Starting Registry Sweep
15:55: Memory Sweep Complete, Elapsed Time: 00:00:40
15:55: Starting Memory Sweep
15:55: HKU\WRSS_Profile_S-1-5-21-1275210071-261903793-725345543-501\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 1193580)
15:55: Found Adware: internetoptimizer
15:55: nwnmfg_7.exe (ID = 1231926)
15:55: HKLM\software\microsoft\windows\currentversion\run\ || newname (ID = 1231926)
15:55: Found Adware: dollarrevenue
15:55: Sweep initiated using definitions version 755
15:55: Spy Sweeper 5.0.5.1286 started
15:55: | Start of Session, Thursday, 07 September 2006 |
********
15:55: | End of Session, Thursday, 07 September 2006 |
15:54: Program Version 5.0.5.1286 Using Spyware Definitions 755
15:29: Your definitions are up to date.
15:05: Detected running threat: winad
15:05: Memory Shield: Found: Memory-resident threat winad, version 1.0.0.0
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
14:59: Warning: Invalid handle
ActiveX Shield: On
Windows Messenger Service Shield: Off
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
14:58: Shield States
14:58: Spyware Definitions: 755
14:56: Spy Sweeper 5.0.5.1286 started
  post #6 (permalink)  
Old 07/09/06, 18:09:15
User
 
Joined: Sep 2006
Location: Argentina
Posts: 10
Re: I can't remove the Trojan Horse Dropper Agent. BQR

Afterwards I ran CCleaner and then RegSeeker. I have the logs if necessary, but it would be easier for me to keep deleting the earlier problems, because the logs are very long and don't fit, and it seems to me that if I keep removing the earlier ones the logs would be more precise. I'd appreciate the help.
La Parca
  post #7 (permalink)  
Old 07/09/06, 18:17:33
Fulgore
Former Collaborator
 
Joined: Jun 2006
Location: Colombia (Medellin)
Posts: 1.315
Re: I can't remove the Trojan Horse Dropper Agent. BQR

Greetings! Well, honestly the earlier logs aren't that necessary. Oh, and delete EVERYTHING the antispyware tools reported; that's no problem. What we need to be more careful with are the files reported by the ONLINE ANTIVIRUS scanners, Ewido and Kaspersky. Those reports ARE necessary, so we'll be waiting for them.

Good luck


  post #8 (permalink)  
Old 08/09/06, 18:01:38
User
 
Joined: Sep 2006
Location: Argentina
Posts: 10
Re: I can't remove the Trojan Horse Dropper Agent. BQR

Well, I proceeded to scan and delete as instructed, and then I tried to run Ewido, but there was no way to get it to work. I was able to run Kaspersky, with the following log:

Please wait to update the virus definitions...
Downloading from url: http://us3h.kaspersky-labs.com
Downloading remote file: master.xml
Downloading remote file: soft.xml
Downloading remote file: kavset.xml
Downloading remote file: updcfg.xml
Downloading remote file: avcmhk4.dll
Downloading remote file: avp.klb
Downloading remote file: avp.set
Downloading remote file: avp.vnd
Downloading remote file: avp_ext.set
Downloading remote file: avp_x.set
Downloading remote file: base001.avc
Downloading remote file: base002.avc
Downloading remote file: base003.avc
Downloading remote file: base004.avc
Downloading remote file: base005.avc
Downloading remote file: base006.avc
Downloading remote file: base007.avc
Downloading remote file: base008.avc
Downloading remote file: base009.avc
Downloading remote file: base010.avc
Downloading remote file: base011.avc
Downloading remote file: base012.avc
Downloading remote file: base013.avc
Downloading remote file: base014.avc
Downloading remote file: base015.avc
Downloading remote file: base016.avc
Downloading remote file: base017.avc
Downloading remote file: base018.avc
Downloading remote file: base019.avc
Downloading remote file: base020.avc
Downloading remote file: base021.avc
Downloading remote file: base022.avc
Downloading remote file: base023.avc
Downloading remote file: base024.avc
Downloading remote file: base025.avc
Downloading remote file: base026.avc
Downloading remote file: base027.avc
Downloading remote file: base028.avc
Downloading remote file: base029.avc
Downloading remote file: base030.avc
Downloading remote file: base031.avc
Downloading remote file: base032.avc
Downloading remote file: base033.avc
Downloading remote file: base034.avc
Downloading remote file: base035.avc
Downloading remote file: base036.avc
Downloading remote file: base037.avc
Downloading remote file: base038.avc
Downloading remote file: base039.avc
Downloading remote file: base040.avc
Downloading remote file: base041.avc
Downloading remote file: base042.avc
Downloading remote file: base043.avc
Downloading remote file: base044.avc
Downloading remote file: base045.avc
Downloading remote file: base046.avc
Downloading remote file: base047.avc
Downloading remote file: base048.avc
Downloading remote file: base049.avc
Downloading remote file: base050.avc
Downloading remote file: base051.avc
Downloading remote file: base052.avc
Downloading remote file: base053.avc
Downloading remote file: base054.avc
Downloading remote file: base055.avc
Downloading remote file: base056.avc
Downloading remote file: base057.avc
Downloading remote file: base058.avc
Downloading remote file: base059.avc
Downloading remote file: base060.avc
Downloading remote file: base061.avc
Downloading remote file: base062.avc
Downloading remote file: base063.avc
Downloading remote file: base064.avc
Downloading remote file: base065.avc
Downloading remote file: base066.avc
Downloading remote file: base067.avc
Downloading remote file: base068.avc
Downloading remote file: base069.avc
Downloading remote file: base070.avc
Downloading remote file: base071.avc
Downloading remote file: base072.avc
Downloading remote file: base073.avc
Downloading remote file: base074.avc
Downloading remote file: base075.avc
Downloading remote file: base076.avc
Downloading remote file: base077.avc
Downloading remote file: base078.avc
Downloading remote file: base079.avc
Downloading remote file: base080.avc
Downloading remote file: base081.avc
Downloading remote file: base082.avc
Downloading remote file: base083.avc
Downloading remote file: base084.avc
Downloading remote file: base085.avc
Downloading remote file: base086.avc
Downloading remote file: base087.avc
Downloading remote file: base088.avc
Downloading remote file: base089.avc
Downloading remote file: base090.avc
Downloading remote file: base091.avc
Downloading remote file: base092.avc
Downloading remote file: base093.avc
Downloading remote file: base094.avc
Downloading remote file: base095.avc
Downloading remote file: base096.avc
Downloading remote file: base097.avc
Downloading remote file: base098.avc
Downloading remote file: base099.avc
Downloading remote file: base100.avc
Downloading remote file: base101.avc
Downloading remote file: base102.avc
Downloading remote file: base103.avc
Downloading remote file: base104.avc
Downloading remote file: base105.avc
Downloading remote file: base106.avc
Downloading remote file: base107.avc
Downloading remote file: base108.avc
Downloading remote file: base999.avc
Downloading remote file: black.lst
Downloading remote file: ca.avc
Downloading remote file: daily.avc
Downloading remote file: daily-ex.avc
Downloading remote file: eicar.avc
Downloading remote file: engine.cfg
Downloading remote file: engine.dt
Downloading remote file: ext001.avc
Downloading remote file: ext002.avc
Downloading remote file: ext003.avc
Downloading remote file: ext004.avc
Downloading remote file: ext005.avc
Downloading from url: http://us1h.kaspersky-labs.com
Downloading remote file: master.xml
Downloading remote file: ext005.avc
Downloading from url: http://us2h.kaspersky-labs.com
Downloading remote file: master.xml
Downloading remote file: ext005.avc
Downloading remote file: ext006.avc
Downloading remote file: ext007.avc
Downloading remote file: ext999.avc
Downloading remote file: fa.avc
Downloading remote file: gen001.avc
Downloading remote file: gen002.avc
Downloading remote file: gen003.avc
Downloading remote file: gen004.avc
Downloading remote file: gen005.avc
Downloading remote file: gen999.avc
Downloading remote file: kernel.avc
Downloading remote file: krn001.avc
Downloading remote file: krn002.avc
Downloading remote file: krn003.avc
Downloading remote file: krn004.avc
Downloading remote file: krndos.avc
Downloading remote file: krnengn.avc
Downloading remote file: krnexe.avc
Downloading remote file: krnexe32.avc
Downloading remote file: krnjava.avc
Downloading remote file: krnmacro.avc
Downloading remote file: krnunp.avc
Downloading remote file: mail.avc
Downloading remote file: ocr.avc
Downloading remote file: smart.avc
Downloading remote file: unp000.avc
Downloading remote file: unp001.avc
Downloading remote file: unp002.avc
Downloading remote file: unp003.avc
Downloading remote file: unp004.avc
Downloading remote file: unp005.avc
Downloading remote file: unp006.avc
Downloading remote file: unp007.avc
Downloading remote file: unp008.avc
Downloading remote file: unp009.avc
Downloading remote file: unp010.avc
Downloading remote file: unp011.avc
Downloading remote file: unp012.avc
Downloading remote file: unp013.avc
Downloading remote file: unp014.avc
Downloading remote file: unp015.avc
Downloading remote file: unp016.avc
Downloading remote file: unp017.avc
Downloading remote file: unp018.avc
Downloading remote file: unp019.avc
Downloading remote file: unp020.avc
Downloading remote file: unp021.avc
Downloading remote file: unp022.avc
Downloading remote file: unp023.avc
Downloading remote file: unp024.avc
Downloading remote file: unp025.avc
Downloading remote file: unp026.avc
Downloading remote file: unp027.avc
Downloading remote file: unp028.avc
Downloading remote file: unp029.avc
Downloading remote file: unp030.avc
Downloading remote file: unp031.avc
Downloading remote file: unp032.avc
Downloading remote file: unp033.avc
Downloading remote file: unp034.avc
Downloading remote file: verdicts.ini
Update finished. Ready to scan.

After that, and just in case, I proceeded to scan with MWAV, with the following log, noting that I only included the entries that were found infected and not those that had errors:

File C:\WINDOWS\dr.exe infected by "Trojan-Downloader.Win32.Adload.dr" Virus. Action taken: No action taken.

What would be the next step? And I take the opportunity to thank you again for the help you provide.

La Parca
  post #9 (permalink)