Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

amigos, ya le pase e hice todas las indicaciones para eliminar el virus desnuda.exe...

Al final de todo pase el KASPERSKY ONLINE SCANNER REPORT y este es el resultado:


Thursday, May 24, 2007 4:39:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/05/2007
Kaspersky Anti-Virus database records: 328644


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 106091
Number of viruses found 2
Number of infected objects 4 / 0
Number of suspicious objects 0
Duration of the scan process 00:59:40

Infected Object Name Virus Name Last Action
C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP6\Report\03da_File_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP6\Report\03de_Web_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped

C:\Documents and Settings\Jpompa\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jpompa\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jpompa\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jpompa\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jpompa\Configuración local\Historial\History.IE5\MSHist0120070524200705 25\index.dat Object is locked skipped

C:\Documents and Settings\Jpompa\Configuración local\Temp\~DFB240.tmp Object is locked skipped

C:\Documents and Settings\Jpompa\Configuración local\Temp\~DFB382.tmp Object is locked skipped

C:\Documents and Settings\Jpompa\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jpompa\Datos de programa\Microsoft\Plantillas\Normal.dot Object is locked skipped

C:\Documents and Settings\Jpompa\Datos de programa\Microsoft\Word\Guardado con Autorrecuperación de Documento1.asd Object is locked skipped

C:\Documents and Settings\Jpompa\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Jpompa\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\Jpompa\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\~DFE2F8.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

hola buenas!!


Hola bienvenid@ al foro ,

realiza los siguientes pasos, sin saltarte ninguno por favor:


Para comenzar debes descargarte las siguientes herramientas:
• SUPERAntispyware.
• CCleaner +manual
• DelPSGuard (ultima version) siguiendo su manual atentamente (Manual)
""La herramienta DelPSGuard fue creada y es mantenida por el "Equipo de InfoSpyware" para detectar y eliminar, todas las variantes actuales del Malware.Psguard y sus extensa familia.""
Despues haz lo siguiente:
desactiva el "Restaurar Sistema" (System Restore) Solo en Win ME y XP.
• activa "ver archivos ocultos"
• inicia el pc en "Modo a Prueba de Fallos" (modo seguro)

Desinstala cualquier programa relacionado (Desde Agregar o Quitar Programas):


* AdwareDelete
* AdwareSheriff
* AlfaCleaner
* Antispyware Soldier
* AntivirusGold
* AntivirusGolden
* Antivirus-Golden
* AntiVermins
* AntiVerminser
* BraveSentry
* Brain Codec
* Daily Weather Forecast
* Error Safe
* Internet Security
* Key Generator
* MalwareWipe
* MalwareWipePro
* MalwareWiped
* MalwareWiper
* Malware-Wipe
* My Pass Generator
* MyWebSearch
* PestCapture
* PestTrap
* PECarlin
* PornMag Pass
* PornPass Manager
* PSGuard
* P.S.Guard
* Registry Cleaner
* Save
* Safety Alerter 2006
* Safety Bar
* Search Maid
* Security IGuard
* Security Toolbar
* SpyAxe
* SpyGuard
* SpyFalcon
* Spy-Heal
* SpyHeal
* SpyMarshal
* SpySheriff
* SpySoldier
* SpyKiller
* SpywareKnight
* SpyQuake2.com
* SpywareQuake
* SpywareQuake.com
* SpywareSheriff
* SpywareStrike
* SpywareHeal
* SystemDoctor 2006 Free
* Spyware Soft Stop
* TitanShield Antispyware
* Trust Cleaner
* TrustIn Bar
* TrustIn Contextual
* TrustIn Popups
* vb
* VSAdd-in
* Virtual Maid
* VirusBlast
* Virus-Burst
* VirusBurst
* VirusBurster
* VirusBursters
* Virus-Bursters
* VideoAccess
* WinHound
* WinAntiSpyPro
* WinAntiVirus Pro 2006
o cualquier otro que se encuentre en el
* Listado completo de programas de la familia Malware.PSguard
* Listado de Codecs falsos (Actualizado al 02/3/07) [/COLOR]

Pasas las siguientes herramientas, una por una , y en este orden:

•

• Usa el Ccleaner para eliminar archivos innecesarios,primero utilizá la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos
  
  • DelPSGuard
  • SuperAntiSpyware
  • CCleaner,,pero esta vez usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Una vez hecho esto :

• Reinicia tu sistema para volver a Modo Normal
• Esconde los archivos ocultos


**El reporte del DelPSGuard lo pegas en este mismo tema

junto con los reportes de :
ewido - manual ewido usa la opcion Remove Infections
karpesky - manual karpesky
y pegas el reporte ke te salga en este mismo post.

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\Jpompa\Cookies\jpompa@m.webtrends[2].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Jpompa\Cookies\jpompa@ssl-hints.netflame[2].txt
Risk: Medium

Name: Downloader.Murlo.en
Path: C:\Documents and Settings\Jpompa\Configuración local\Temp\__delete_on_reboot__t_m_p_1_._t_m_p_
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\System Volume Information\_restore{87C67BE8-7AEA-4FAD-9A7C-3A39700A6898}\RP2\A0000036.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\System Volume Information\_restore{87C67BE8-7AEA-4FAD-9A7C-3A39700A6898}\RP2\A0000037.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\System Volume Information\_restore{87C67BE8-7AEA-4FAD-9A7C-3A39700A6898}\RP2\A0000038.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\System Volume Information\_restore{87C67BE8-7AEA-4FAD-9A7C-3A39700A6898}\RP2\A0000039.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\System Volume Information\_restore{87C67BE8-7AEA-4FAD-9A7C-3A39700A6898}\RP2\A0000040.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\aibrbaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\aihpshld.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\aiibaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\aioqnaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\aispuekd.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\aiyweqny.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\ambgqasq.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\drilmihq.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\drkpaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\drlbqgoe.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\drvaaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\gtkpmimy.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\gtvohtku.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\gxjnmuwr.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\jowpaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\mcaidcxh.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\mcnqnore.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\mcqaaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\mcucyaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\mgghqaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\mglcaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\mglkaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\piacaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\pihyrlku.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\pipeqdsn.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\piuqxkdq.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\pixaaaaa.exe
Risk: High

Name: Downloader.VB.fn
Path: C:\WINDOWS\system32\SBO\SE1081.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\shgdaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\shtcvafo.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\vupgaaaa.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\vyciujrc.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\vycpaylj.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\vyejihlh.exe
Risk: High

Name: Trojan.Zapchast.ca
Path: C:\WINDOWS\system32\vyitaaaa.exe
Risk: High

Name: Downloader.VB.fn
Path: D:\Publico\MUSICA MP3\Variada\Windows Media Player 10+keygen.zip/setup.exe
Risk: High

Name: Downloader.VB.fn
Path: D:\Publico\MUSICA MP3\Variada\Windows Media Player 10+keygen.zip/keygen.exe
Risk: High

que puedo hacer en este caso?

Quien me ayuda?

hola,,ademas de los pasos anteriores

descarga:
FileASSASSIN
- desactiva el "Restaurar Sistema" (System Restore) Solo en Win ME y XP. y
activa "ver archivos ocultos"

inicia el pc en "Modo a Prueba de Fallos" (modo seguro)

Busca y elimina los siguientes archivos (los pongo en rojo) usando FileASSASSIN:

• C:\WINDOWS\system32\aibrbaaa.exe
  
  
• C:\WINDOWS\system32\aihpshld.exe
  
  
• C:\WINDOWS\system32\aiibaaaa.exe
  
  
• C:\WINDOWS\system32\aioqnaaa.exe
  
  
• C:\WINDOWS\system32\aispuekd.exe
  
  
• C:\WINDOWS\system32\aiyweqny.exe
  
  
• C:\WINDOWS\system32\ambgqasq.exe
  
  
• C:\WINDOWS\system32\drilmihq.exe
  
• C:\WINDOWS\system32\drkpaaaa.exe
  
• C:\WINDOWS\system32\drlbqgoe.exe
  
• C:\WINDOWS\system32\drvaaaaa.exe
  
• C:\WINDOWS\system32\gtkpmimy.exe
  
• C:\WINDOWS\system32\gtvohtku.exe
  
  
• C:\WINDOWS\system32\gxjnmuwr.exe
  
• C:\WINDOWS\system32\jowpaaaa.exe
  
• C:\WINDOWS\system32\mcaidcxh.exe
  
• C:\WINDOWS\system32\mcnqnore.exe
  
• C:\WINDOWS\system32\mcqaaaaa.exe
  
• C:\WINDOWS\system32\mcucyaaa.exe
  
• C:\WINDOWS\system32\mgghqaaa.exe
  
• C:\WINDOWS\system32\mglcaaaa.exe
  
• C:\WINDOWS\system32\mglkaaaa.exe
  
• C:\WINDOWS\system32\piacaaaa.exe
  
• C:\WINDOWS\system32\pihyrlku.exe
  
• C:\WINDOWS\system32\pipeqdsn.exe
  
• C:\WINDOWS\system32\piuqxkdq.exe
  
• C:\WINDOWS\system32\pixaaaaa.exe
  
• C:\WINDOWS\system32\SBO\SE1081.exe
  
• C:\WINDOWS\system32\shgdaaaa.exe
  
• C:\WINDOWS\system32\shtcvafo.exe
  
• C:\WINDOWS\system32\vupgaaaa.exe
  
• C:\WINDOWS\system32\vyciujrc.exe
  
• C:\WINDOWS\system32\vycpaylj.exe
  
• : C:\WINDOWS\system32\vyejihlh.exe
  
• C:\WINDOWS\system32\vyitaaaa.exe
  
• D:\Publico\MUSICA MP3\Variada\Windows Media Player 10+keygen.zip
  

• Selecciona Panel de control, Opciones de Internet, General
• En Archivos temporales de Internet pincha en "Eliminar archivos"
• Marca la opción "Eliminar todo el contenido sin conexión"
• Pincha en Aceptar.

despues de esto revisa si aun esta --> C:\Documents and Settings\Jpompa\Configuración local\Temp\__delete_on_reboot__t_m_p_1_._t_m_p_ si existe eliminalo de la misma forma que los anteriores.

.sigue los anteriores pasos y dejanos los reportes de las herramientas y del scan .

recuerda ocultar los archivos y activar restaurar sistema.