Trojan or something like it, help please (Solved)

Folks, PC-CILLIN detects files of the type 38exhdd.w.exe as a virus (trojan TROJ_HORST.HH). This antivirus does not remove it; it puts it in quarantine, and from there I can delete it, since it sits in temporary directories under the user's settings folder. The thing is that it COMES BACK after I delete it. I have already scanned everything with the PC-CILLIN antivirus and with HouseCall (from the same company, on the web), and I ran Ad-Aware, Spybot S&D and Avast, and they don't detect it... Any suggestions for getting rid of this annoying trojan? Thanks a lot!!!!!! Sergo

Re: Trojan or something like it, help please

Hi! Scan your system with these two online antivirus scanners:

Last edited by Gabriela María on 09/01/07 at 09:59:07.

Re: Trojan or something like it, help please

Hello and welcome. In addition to what Gabriela recommends, disable System Restore; it may be the cause of this: Quote:

Regards

Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog
* Help us by making a DONATION so we can keep helping.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or e-mail; that is what the forum is for.

Re: Trojan or something like it, help please

Thanks to both of you for the help... I ran the two online scans and they found multiple nasties...

Kaspersky says... (scan of C:)

EWIDO says... (this time a scan of everything...)

I deleted everything that could be deleted... and I was left with this report... which I also cleaned...

wido anti-spyware online scanner
http://www.ewido.net
Name: Proxy.Horst.pt Path: [1148] VM_00400000 Risk: High
Name: Not-A-Virus.VirTool.Win32.AvSpoffer.a Path: D:\System Volume Information\_restore{3433B682-B403-4932-8E15-1FAE70548145}\RP21\A0103370.exe Risk: Low
Name: Not-A-Virus.VirTool.Win32.AvSpoffer.a Path: D:\System Volume Information\_restore{3433B682-B403-4932-8E15-1FAE70548145}\RP21\A0103371.exe Risk: Low
Name: Not-A-Virus.Hacktool.EvID Path: D:\System Volume Information\_restore{3433B682-B403-4932-8E15-1FAE70548145}\RP21\A0103372.exe Risk: Low

When I restored, PC-cillin detected the virus again... I ran CCleaner and so far it has calmed down... I liked the idea of disabling System Restore... I'm going to do it... If you have any further comments, please tell me... THANKS AGAIN!!!! Regards, Sergio

| Re: Trojan or something like that, help please
Hi, the infections are in the temporary files and in the System Restore folder. Also empty the antivirus quarantine; an (inactive) infection is being detected there. Do the following:
1. Download CCleaner; don't run it yet.
2. Download Spybot and Ad-aware and update them, but don't run them yet.
3. Turn off System Restore.
4. Restart in Safe Mode.
5. Run CCleaner and the antispyware tools.
6. Go to Start->Run and type %temp%; delete the contents, NOT the folder.
7. Run Kaspersky again and paste the report.
Regards |
| Re: Trojan or something like that, help please
Hi Salba, I did each of the steps you gave me. I've just restarted everything and the issue is still the same. Here is the Kaspersky report...

martes, 09 de enero de 2007 23:49:23
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.0
Ultima actualización: 9/01/2007
Registros en la base antivirus: 242709
Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC
C:\ D:\ E:\ F:\ G:\ H:\
Estadísticas
Número de objeros analizados 92640
Virus encontrados 3
Objetos infectados 6 / 0
Objetos sospechosos 6
Duración del análisis 03 33
Nombre del objeto infectado Nombre del virus Última acción
D:\System Volume Information\_restore{81B1D7FD-DDF0-44E3-991E-4ABA37A7A273}\RP382\A0133057.exe/system32.exe Infectados: Trojan.Win32.VB.cd saltado
D:\System Volume Information\_restore{81B1D7FD-DDF0-44E3-991E-4ABA37A7A273}\RP382\A0133057.exe SetupFactory: infectado - 1 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_btackle.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_ftackle.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_lockup.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_run.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar RAR: sospechoso - 5 saltado
Análisis completado.

I await your opinion. Many thanks!!!! Sergio |
| Re: Trojan or something like that, help please
I'm pasting it again because I copied it wrong... I missed a part....

martes, 09 de enero de 2007 23:49:23
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.0
Ultima actualización: 9/01/2007
Registros en la base antivirus: 242709
Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC
C:\ D:\ E:\ F:\ G:\ H:\
Estadísticas
Número de objeros analizados 92640
Virus encontrados 3
Objetos infectados 6 / 0
Objetos sospechosos 6
Duración del análisis 03 33
Nombre del objeto infectado Nombre del virus Última acción
D:\System Volume Information\_restore{81B1D7FD-DDF0-44E3-991E-4ABA37A7A273}\RP382\A0133057.exe/system32.exe Infectados: Trojan.Win32.VB.cd saltado
D:\System Volume Information\_restore{81B1D7FD-DDF0-44E3-991E-4ABA37A7A273}\RP382\A0133057.exe SetupFactory: infectado - 1 saltado
D:\Downloads\madmsn.zip/install.exe/ascii.exe Infectados: HackTool.Win32.MadMSN.40 saltado
D:\Downloads\madmsn.zip/install.exe/updown.exe Infectados: HackTool.Win32.MadMSN.40 saltado
D:\Downloads\madmsn.zip/install.exe Infectados: HackTool.Win32.MadMSN.40 saltado
D:\Downloads\madmsn.zip ZIP: infectado - 3 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_btackle.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_ftackle.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_lockup.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_run.png Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar Sospechosos: Exploit.Win32.MS05-009 saltado
E:\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar RAR: sospechoso - 5 saltado
Análisis completado.

Now it's right... Thanks again |
| Re: Trojan or something like that, help please
Hi, make sure you turn off System Restore for both accounts; I see that Sergio and Mili exist. Log in to each of them and turn it off. Likewise, each time you log in to an account, go to Start->Run and type: %temp% and delete all the contents of the folder, NOT the folder, only the contents. Find this file D:\Downloads\madmsn.zip and delete it. It also shows possible infections in the software for the V3; it would be better to delete them. Regards, namesake
Last edited by Salba on 09/01/07 at 23:17:44. |
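The reading Salba gives of the Kaspersky report above (ignore the locked files, then act on each detection according to where the file sits) can be scripted. This is an added example, not part of the thread: the one-row-per-line layout, the `triage` function and the category names are assumptions, and the sample rows are copied from the reports pasted in this thread.

```python
import re

# Rows copied from the Kaspersky reports pasted in this thread, one per line
# ("<path> <verdict> <action>"); the one-row-per-line layout is an assumption.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\Archivos de programa\Trend Micro\Internet Security 14\Quarantine\9D.tmp Infected: Trojan-Downloader.Win32.Horst.aj skipped
D:\System Volume Information\_restore{81B1D7FD-DDF0-44E3-991E-4ABA37A7A273}\RP382\A0133057.exe/system32.exe Infectados: Trojan.Win32.VB.cd saltado
D:\Downloads\madmsn.zip/install.exe/ascii.exe Infectados: HackTool.Win32.MadMSN.40 saltado
D:\Downloads\madmsn.zip ZIP: infectado - 3 saltado
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
"""

ROW = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Object is locked|[A-Za-z]+: .+?) "
    r"(?P<action>skipped|saltado)$"
)
# Per-container count rows such as "ZIP: infectado - 3" carry no malware name.
SUMMARY = re.compile(r"^\w+: \w+ - \d+$")

# (substring of the lower-cased path, category, step suggested in the thread)
CATEGORIES = [
    ("\\system volume information\\_restore{", "system-restore",
     "turn off System Restore"),
    ("\\quarantine\\", "quarantine", "empty the antivirus quarantine"),
    ("\\temp\\", "temp", "delete the contents of %temp%"),
]


def triage(report):
    """Group detections by on-disk file, skipping locked-file rows."""
    findings = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m is None or m["verdict"] == "Object is locked":
            continue  # file the scanner could not open: not a detection
        # The reports list archive members after "/", so the part before the
        # first "/" is the file that actually exists on disk.
        disk_file = m["path"].split("/")[0]
        low = disk_file.lower()
        category, step = next(
            ((c, s) for key, c, s in CATEGORIES if key in low),
            ("other", "delete the file"),
        )
        entry = findings.setdefault(
            disk_file, {"category": category, "step": step, "names": set()}
        )
        if not SUMMARY.match(m["verdict"]):
            entry["names"].add(m["verdict"].split(": ", 1)[1])
    return findings


if __name__ == "__main__":
    for path, info in triage(SAMPLE_REPORT).items():
        names = ", ".join(sorted(info["names"]))
        print(f"[{info['category']}] {path}\n    {names} -> {info['step']}")
```
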
| Re: Trojan or something like that, help please
Hi folks.. hi Salba. The problem continues... I verified that restore is turned off for all users and I also deleted everything you suggested... One thing I noticed... when I log in... the alert appears detecting the trojan, which the antivirus puts in quarantine.... all of this besides it staying in Temp... I also see it resident in Task Manager... once I kill the process the alerts no longer appear... The question is... where can I find out how it gets loaded... so I can remove it for good... Thanks, namesake... and we keep fighting the trojan... Sergio |
| Re: Trojan or something like that, help please
Quote:
That's odd if you've already emptied the temporary files and System Restore. Go to Start->Run: msconfig and on the Startup tab check what is being loaded.
Quote:
Regards |