"Malware Doctor" & "Adpclient" & "svchosts" Trojans (SOLUCIONADO)

Ginna Martinez · Mensaje por **Ginna Martinez** » 03 Jun 2009, 16:01

Estimados Amigos,

Tengo un problema, deje mi computador prendido en la noche y cuando llegue en la mañana a mi oficina, encontre muchas pantallas de error de microsoft explorer y ademas un programa instalado llamado "Malware Doctor" indicandome que tengo virus y que comprando ese programa se soluciona todo, he estado tranado de solucionarlo por mi cuenta y descargue un software llamado Spyware Doctos que indican que es uno de los mejores para detectar virus, pero para borrar los siguientes virus me indica que tengo que comprar la licencia 300 US$ (demasiado costosa). Podrian ayudarme con estoi, abajo lkes muestro lo que detecto este programa.

5 tipos de infecciones:

1. Application. TrackingCookies (15 Infecciones) Low - Alojado en Browser Cookie

2. Adware.Advertising (4 Infecciones) Low - Alojado en Browser Cookie

3. Trojan-Downloader.Adpclient (1 Infeccion) Medium - alojado en comsa32.sys

4. Trojan.Generic (5 Infecciones) Medium - Alojadoo en el startup y un valor del Registro

5. Adware.Component.Unrelated (1 infeccion) Low - Alojado en un Valor del Registro

Espero que me puedan ayudar, ademas de esto la computadora esta muy muy lenta

Muchas gracias y espero sus comentarios

Ginna Martinez

Ginna Martinez · Mensaje por **Ginna Martinez** » 03 Jun 2009, 16:06

Disculpen corrijo el costo es 30 US$ y ademas se me olvido indicarles que el scchosts.exe se ve es en el punto 4 Trojan.Generic

Un saludo y quedo a la espera de su pronta respuesta

Mensaje por **msc hotline sat** » 03 Jun 2009, 16:11

:lol: :lol: :lol: No vayas a pagarles nada !!! es un FAKE ALERT

Hay miles de variantes como esta, y los vamos controlando con el ELISTARA a medida que los vamos conociendo:

[quote]
~~[b]~~ ELISTARA: [/b]

http://www.zonavirus.com/descargas/elistara.asp

Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso
[/quote]

saludos

ms, 3-6-2009

Ginna Martinez · Mensaje por **Ginna Martinez** » 03 Jun 2009, 16:46

Gracias mss Hotline,

Te comento que ya corri el ElistarA y te posteo lo que dice el INFOSAT.txt, despues de eso se reinicio y el programa ya no sale, pero sigo teniendo el problema del Internet Explorer, apenas lo abro en unos segundo empiezan a aparecer unos anuncios de error, "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience", y solo me deja apretar dos botones "Send Error Report y Don´t Sent". puedo hacer dos (2) cosas

1. Si apreto cualquiera d elos dos (2) botones se me cierra el Internet Explorer y todo

2. Si aparto el letrero puedo seguir trabajando, pero como cada 5 min siguen apareciendo hasta que todo me colapsa

Por otro lado te comento que vovi a correr el programita ese que les dije que descargue y ahora solo me salen,

4 Infecciones

1. Trojan-Downloader.AdpClient y se encuentra en Comsa32.sys

2. Trojan.Generic y se encuentra ne el Svchosts.exe

Un abrzxo y espero sus prontas respuesta

(3-6-2009 14:14:04)

EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Key Eliminada [WinLogon\Notify\TPHOTKEY] -> C:\WINDOWS\SYSTEM32\TPHKLOCK.DLL

Por favor, envienos una muestra del fichero

C:\Muestras\TESTABD.EXE.Muestra EliStartPage v18.73

a "virus@satinfo.es". Gracias.

C:\PROGRAM FILES\THUNMAIL\TESTABD.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\TESTABD.DLL.Muestra EliStartPage v18.73

a "virus@satinfo.es". Gracias.

C:\PROGRAM FILES\THUNMAIL\TESTABD.DLL --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\TRUJILLD.EXE.Muestra EliStartPage v18.73

a "virus@satinfo.es". Gracias.

C:\DOCUMENTS AND SETTINGS\TRUJILLD\TRUJILLD.EXE --> Eliminado

C:\WINDOWS\SYSTEM32\TPHKLOCK.DLL --> Spy-Agent.KJ Renombrado a .VIR

Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKCU\...\Run] "svc"="C:\program Files\ThunMail\testabd.exe"

Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"

Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"

"Debugger"="NTSD -D"

Restaurado fichero de Configuración del IE, (IERESET.INF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

(3-6-2009 14:18:31)

EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

(3-6-2009 14:24:25)

EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\JEUUVHBI]

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\JEUUVHBI.DLL

a "virus@satinfo.es". Gracias.

Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"

Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"

"Debugger"="NTSD -D"

Eliminados Ficheros Temporales del IE

(3-6-2009 14:27:01)

EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

julibaga · Mensaje por **julibaga** » 03 Jun 2009, 16:54

Envía estas muestras:

[quote="Ginna Martinez"]C:\Muestras\TESTABD.EXE.Muestra EliStartPage v18.73

a "virus@satinfo.es". Gracias.

C:\PROGRAM FILES\THUNMAIL\TESTABD.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\TESTABD.DLL.Muestra EliStartPage v18.73

a "virus@satinfo.es". Gracias.

C:\PROGRAM FILES\THUNMAIL\TESTABD.DLL --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\TRUJILLD.EXE.Muestra EliStartPage v18.73

a "virus@satinfo.es". Gracias.

Por favor, envienos el INFOSAT.TXT y una muestra del fichero

C:\WinLogon\JEUUVHBI.DLL

a "virus@satinfo.es". Gracias[/quote]
Para ello recuerda:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

Aparte entra en el Panel de control -> Opciones de Internet -> Opciones Avanzadas y le das al botón Restablecer.

Luego pruebas el Internet Explorer.

Salu2

Ginna Martinez · Mensaje por **Ginna Martinez** » 03 Jun 2009, 17:20

Amigos,

Ya se los envie,

Les comento tambien que yo tengo el antivirus TREND MICROtm Office Scan de la compañia donde trabajo y detecto 45 virus/malware por toda mi maquina y dice que se llama TROJ_RENOS.AWQ y hace referencia al archivo JEUUVHBI.dll, pero me dice que esta imposibilitado para limpiarlo

Espero que me puedan ayudar.

Un abrazo Ginna,

julibaga · Mensaje por **julibaga** » 03 Jun 2009, 17:24

Añádele la extensión .vir para "aparcarlo" hasta que lo analicen y los puedas eliminar con las utilerías satinfo.

Ginna Martinez · Mensaje por **Ginna Martinez** » 03 Jun 2009, 17:32

Listo, ya le agregue la extension .vir, les comento que reinicie la computadora y volvio a aparecer el fastidioso programa "MALWARE DOCTOR" y hice lo que me dijeron del Internet explorer funsiono por unos minutos y ya nuevamente esta saliendo el mensaje de Problemas en el Internet Explorer,

Un abrazo y espero sus comentarios.

nota: El email de los envie desde el correo <INTERCEPTADO>https://foros.zonavirus.com/viewtopic.php?f=1&t=17044

Espero sus comentarios

Ginna

Mensaje por **msc hotline sat** » 03 Jun 2009, 18:06

Recordar:

~~[b]~~¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

Tras recibir los ficheros, los analizaremos e implementaremos su control y eliminacion, si procede, en nuestras utilidades, de lo cual informaremos

Ginna Martinez · Mensaje por **Ginna Martinez** » 03 Jun 2009, 23:31

Amigos,

Yo envie estos files a SATINFO y ellos me respondieron que habian actualizado el ELISTARA.exe y que lo descargar de su pagian WEB. Pero el problema es que para podrlo descargar desde ali pide User Name y Password, los cuales no tengo :(

Lo pero es que tengo tood el dia tratando de resolver el problema y no logro solucionarlo. La computadora esta muy muy lenta

Muchas gracias por todo y espero su pronta respuesta

Ginna :|

julibaga · Mensaje por **julibaga** » 03 Jun 2009, 23:33

~~[b]~~[url=http://www.zonavirus.com/descargas/elistara.asp]Elistara[/url][/b]

Ginna Martinez · Mensaje por **Ginna Martinez** » 03 Jun 2009, 23:40

Amigo,

Este no es el ultimo, ya lo pase y no funciono

:( :( :( :( :( :( :(

julibaga · Mensaje por **julibaga** » 03 Jun 2009, 23:52

Claro que es el último. Qué es lo que no te funcionó??

Ginna Martinez · Mensaje por **Ginna Martinez** » 04 Jun 2009, 00:16

ejjejeje

No elimino lo que tenia principalmente que eliminar "MALWARE DOCTOR".. SIgue todavia alli duro y no se muere

Ginna

julibaga · Mensaje por **julibaga** » 04 Jun 2009, 00:33

En c:\Archivos de programa mira si tienes la carpeta Malware Doctor y elimínala.

Luego busca c:\Documents and Settings\All Users\Menú Inicio\Programas\Malware Doctor

y la eliminas también.

Posteriormente vas a Inicio -> Ejecutar y escribes "regedit" (sin comillas)

busca las siguientes claves y elimínalas.

HKEY_CURRENT_USER\Software\Malware Doctor

HKEY_CURRENT_USER\Software\Malware Doctor\AntiSpy Knight

HKEY_LOCAL_MACHINE\SOFTWARE\Malware Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Alcmtr"

Ojo!! no toques nada más que lo que te indico. Fíjate bien!!!!

Luego reinicias y me cuentas.

Mensaje por **msc hotline sat** » 04 Jun 2009, 07:49

Hay varias cosas a comentar:

La pagina de http://www.satinfo.es es para los usuarios con contrato de servicio tecnico de SATINFO, y las utilidades son exclusivas para ellos.

En este foro se ofrecen a titulo de evaluacion, algunas de ellas, para probarlas e informar del resultado, y cada día las actualizamos.

Descargue la actual versión del ELISTARA 18.74 y posteenos el infosat.txt resultante, gracias

[quote="para DESCARGAR el ELISTARA, msc"] http://www.zonavirus.com/descargas/elistara.asp

Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso [/quote]

saludos

ms, 4-6-2009

Ref VE/Ca+10.50-66.91

NOTA : Y muy importante, y que no ha hecho antes, es lo que indicamos ~~[b]~~[i][u]"Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso"[/u][/i][/b] Esto debe hacerse siempre, con un copiar y pegar de c:\infosat.txt tras probar cualquiera de dichas utilidades. ms.

Ginna Martinez · Mensaje por **Ginna Martinez** » 04 Jun 2009, 14:30

Amigos,

Abajo les respondo los puntos que tocaron, NOTA: SIGUE EL MALWARE DOCTOR--- EL CONDENADO NO SE MUERE

1. En c:\Archivos de programa - NO HAY NADA que diga MALWARE DOCTOR

2. En c:\Documents and Settings\All Users\Menú Inicio\Programas\Malware Doctor - NO HAY NADA que diga MALWARE DOCTOR

3. EL "Inicio -> Ejecutar y escribes "regedit" (sin comillas)" Regedit no se ejecuta y en verdad no se por que, debe ser el mismo MALWARE DOCTOR que no me lo permite ejecutar

4. Por otro lado volvi a descargar el ALISTAR y lo ejecute y no encontro nada, y abajo les poseteo el INFOSAT.TXT

Espero sus comentarios esto me esta volviendo loca.

Ginna, besos :wink: y gracias por todo

(3-6-2009 18:28:06)

EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"

Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"

"Debugger"="NTSD -D"

Eliminados Ficheros Temporales del IE

(3-6-2009 18:29:59)

EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

(3-6-2009 18:53:19)

EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"

Eliminados Ficheros Temporales del IE

(3-6-2009 18:54:33)

EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Documents and Settings\TRUJILLD\Desktop\Muestras\TESTABD.DLL.MUESTRA ELISTARTPAGE V18.73 --> Eliminado, PWS-Wowpa(dll)

C:\Documents and Settings\TRUJILLD\Desktop\Muestras\TESTABD.EXE.MUESTRA ELISTARTPAGE V18.73 --> Eliminado, PWS-Wowpa

C:\Documents and Settings\TRUJILLD\Desktop\Muestras\TRUJILLD.EXE.MUESTRA ELISTARTPAGE V18.73 --> Eliminado, Trojan.Rabbit

(3-6-2009 18:56:02)

EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"

Restaurado fichero de Configuración del IE, (IERESET.INF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

(3-6-2009 18:56:41)

EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

(4-6-2009 12:23:39)

EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"

Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"

Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"

"Debugger"="NTSD -D"

Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"

"Debugger"="NTSD -D"

Restaurado fichero de Configuración del IE, (IERESET.INF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

(4-6-2009 12:25:00)

EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

Ginna Martinez · Mensaje por **Ginna Martinez** » 04 Jun 2009, 15:11

Amigos,

Me acabo de dar cuneta que aparte del computador estar lento y ver el ~~[b]~~[i]b[/i][/b]endito MALWARE SOFTWARE activandose y desactivandose, acabo de ver4 que el TASK MANAGER (Ctrl + Alt + Supr) el boton esta desactivado, al igual que no puedo accesar al REGEDIT

Esto ya yo no se que es, un VIRUS, TROJAN o Gusano, o todos juntos.

Espero su pronta ayuda, ya no se que hacer

:( :( :( :cry: :cry: :cry: :cry: :cry:

Chau

Ginna Martinez · Mensaje por **Ginna Martinez** » 04 Jun 2009, 15:32

Aclaro este es el MALWARE DOCTO V1.0, es diferente a uno anterior..... Este como que viene repotenciado y estado investigando, el mismo se empezo a reporstar a partir de la semana pasada.............

Espero su pronta ayuda

Ginna

Mensaje por **msc hotline sat** » 04 Jun 2009, 15:40

Es una familia de Fake Alerts, de los que hay cientos y cada día aparecen mas de nuevos.

Los que no te detecte el ELISTARA, envianoslos para analizar, pero posiblemente ya te los pedirá en el infosat, sino, ya sabes...

saludos

ms, 4-6-2009

Ginna Martinez · Mensaje por **Ginna Martinez** » 04 Jun 2009, 17:13

Amigos,

El ELISTRAA no detecta nada mas y los Spyware docts que tengo detenga ahora solamente el bloqueo del TaskManager pero no lo arreglan, No tengo nada mas para ayudarlos.

Este FAKE ALERTS como que es de los duros de Matar.

Un abrazo y quedare a la espera de sus comentarios mis amigos

:D

Mensaje por **msc hotline sat** » 04 Jun 2009, 17:24

Pues arranca en modo seguro (pulsando repetidamente F8 al arrancar y seleccionando dicha opcion,) y vuelve a probar el SPROCES y postearnos de nuevo el log resultante, lo analizaremos a ver qué queda para obrar en consecuencia

saludos

ms, 4-6-2009

NOTA: Veo que no lo habias probado antes, pues mira esto :

~~[b]~~SPROCES[/b] (herramienta de investigación)

http://www.zonavirus.com/descargas/sproces.asp

Y tras pulsar en SALIR, posteanos el contenido del C:\SPROCLOG.TXT con un copiar y pegar

ms.

Ginna Martinez · Mensaje por **Ginna Martinez** » 04 Jun 2009, 22:48

Bueno amigos,

Hice lo que ustedes me indicaron y aqui les posteo el C:\SPROCLOG.TXT, espero que esto les pueda ayudar a ayudarme con este gran problema que tengo

Apartando esto les comento que sigo corriendo el Spyware Doctor y sigue detectando lo siguiente

Trojan-Downloader.adpclient, Type medium y lo ubica en el siguiente archivo Comsa32.sys, voy a enviarcelo en un email a SATINFO a ver si eso les ayuda mis amigos

Espero su pronta respuesta :cry: :cry: :cry:

(4-6-2009 15:43:23 GMT)

SProces v3.8 (c)2009 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 3

Parche MS08-067 (Servicio Servidor) Instalado.

Internet Explorer: (v7.0.5730.13) 0

Nombre Equipo: EIMNET

Nombre Usuario: TRUJILLD

Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE

C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE

C:\DOCUMENTS AND SETTINGS\TRUJILLD\DESKTOP\SPROCES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmcd.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe

O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\1361538659.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\1361538659.exe

O4 - Startup: CCC.lnk

O4 - Startup: desktop.ini

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/fhg.CAB

O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220638981956

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2) - http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) - http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444563540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://getmail.eim-co.com/dwa7W.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T26L/support/ieatgpc.cab

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: ATIEXTEVENT - ATI2EVXX.DLL

O20 - Winlogon Notify: DIMSNTFY - %SYSTEMROOT%\SYSTEM32\DIMSNTFY.DLL

O20 - Winlogon Notify: JEUUVHBI - (no file)

O20 - Winlogon Notify: QCONGINA - QCONGINA.DLL

O20 - Winlogon Notify: WGALOGON - WGALOGON.DLL

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll

Información Adicional:

----------------------

Activada Restricción del Administador de Tareas.(DisableTaskMgr)

Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: AEGIS Protocol (IEEE 802.1x) v3.1.6.0 (AegisP) - Meetinghouse Data Communications - C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast!avscontrolservice - Unknown owner - C:\WINDOWS\System32\avast!AVSControlService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

**O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)

O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe

O23 - Service: DLABOIOM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLABOIOM.SYS

O23 - Service: DLADResN - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLADResN.SYS

O23 - Service: DLAIFS_M - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAIFS_M.SYS

O23 - Service: DLAOPIOM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAOPIOM.SYS

O23 - Service: DLAPoolM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAPoolM.SYS

O23 - Service: DLAUDFAM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAUDFAM.SYS

O23 - Service: DLAUDF_M - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAUDF_M.SYS

O23 - Service: DRVNDDM - Sonic Solutions - C:\WINDOWS\SYSTEM32\Drivers\DRVNDDM.SYS

O23 - Service: IBM Access Support (EGATHDRV) - IBM Corporation - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: fips32cup - Unknown owner - C:\WINDOWS\system32\drivers\fips32cup.sys

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: ibmfilter - IBM - C:\WINDOWS\system32\drivers\ibmfilter.sys

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

O23 - Service: mdmxsdk - Conexant - C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: nicsk32 - Unknown owner - C:\WINDOWS\system32\drivers\nicsk32.sys

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\SYSTEM32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

**O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: WLAN Transport (s24trans) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: securentm - Unknown owner - C:\WINDOWS\system32\drivers\securentm.sys

O23 - Service: sopidkc Service (sopidkc) - Tin Working Group - C:\WINDOWS\system32\sopidkc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: tmcomm - Trend Micro Inc. - C:\WINDOWS\system32\drivers\tmcomm.sys

O23 - Service: Trend Micro Filter (TmFilter) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: Trend Micro PreFilter (TmPreFilter) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\SYSTEM32\TPHDEXLG.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: Trend Micro VSAPI NT (VSApiNt) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Wireless Zero Configuration WZCSVCtmlisten (wzcsvctmlisten) - Qncjvuu Manhycjkqyc - C:\WINDOWS\system32\3com_dmik.exe

Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Intel(r) 82801 Audio Driver Install Service (WDM) (ac97intc) - Intel Corporation - C:\WINDOWS\SYSTEM32\drivers\ac97intc.sys

O23 - Service: aeaudio - Andrea Electronics Corporation - C:\WINDOWS\SYSTEM32\drivers\aeaudio.sys

O23 - Service: ati2mtag - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys

O23 - Service: Broadcom NetXtreme Gigabit Ethernet (b57w2k) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys

O23 - Service: CmdIde - CMD Technology, Inc. - C:\WINDOWS\system32\DRIVERS\cmdide.sys

**O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Intel(R) PRO Adapter Driver (E100B) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys

O23 - Service: GEAR ASPI Filter Driver (GEARAspiWDM) - GEAR Software Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys

O23 - Service: IEEE-1284.4 Driver HPZid412 (HPZid412) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys

O23 - Service: Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys

O23 - Service: USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys

O23 - Service: HSFHWICH - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys

O23 - Service: HSF_DPV - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.sys

O23 - Service: IBMPMDRV - Lenovo. - C:\WINDOWS\SYSTEM32\DRIVERS\ibmpmdrv.sys

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Maxtor OneTouch Security Driver (MXOPSWD) - Maxtor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NSC Infrared Device Driver (NSCIRDA) - National Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nscirda.sys

O23 - Service: nv - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys

O23 - Service: PCDRNDISUIO Usermode I/O Protocol (PcdrNdisuio) - Windows (R) 2000 DDK provider - C:\WINDOWS\SYSTEM32\DRIVERS\pcdrndisuio.sys

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PNDIS5 NDIS Protocol Driver (PNDIS5) - Unknown owner - D:\PNDIS5.SYS (file missing)

O23 - Service: Lenovo Parties Service Access Device Driver (psadd) - Lenovo (United States) Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\psadd.sys

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: Direct Parallel Link Driver (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys

O23 - Service: QCNDISIF - IBM Corporation. - C:\WINDOWS\SYSTEM32\drivers\qcndisif.SYS

O23 - Service: RIM Virtual Serial Port (RimSerPort) - Research in Motion Ltd - C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys

O23 - Service: BlackBerry Smartphone (RimUsb) - Unknown owner - C:\WINDOWS\SYSTEM32\Drivers\RimUsb.sys (file missing)

O23 - Service: RIM Virtual Serial Port v2 (RimVSerPort) - Research in Motion Ltd - C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys

O23 - Service: Secdrv - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys

O23 - Service: smwdm - Analog Devices, Inc. - C:\WINDOWS\SYSTEM32\drivers\smwdm.sys

O23 - Service: Synaptics TouchPad Driver (SynTP) - Synaptics, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys

*O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)

O23 - Service: Trend Micro Common Firewall Service (tmcfw) - Trend Micro Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\TM_CFW.sys

O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

O23 - Service: TPInput - Lenovo, Ltd. and IBM Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\TPInput.sys

O23 - Service: Winbond Trusted Platform Module (TPM) - Winbond Electronics Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\tpm.sys

O23 - Service: NSC Integrated Trusted Platform Module 1.1 (TPM11) - National Semiconductor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\nsctpm11.sys

O23 - Service: Conexant Setup API (UIUSys) - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\UIUSys.sys (file missing)

O23 - Service: Apple Mobile USB Driver (USBAAPL) - Apple, Inc. - C:\WINDOWS\SYSTEM32\Drivers\usbaapl.sys

O23 - Service: Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP (w29n51) - Intel® Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys

O23 - Service: winachsf - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys

Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: AliIde - Acer Laboratories Inc. - C:\WINDOWS\system32\DRIVERS\aliide.sys

O23 - Service: AMD AGP Bus Filter Driver (amdagp) - Advanced Micro Devices, Inc. - C:\WINDOWS\system32\DRIVERS\amdagp.sys

O23 - Service: asc - Advanced System Products, Inc. - C:\WINDOWS\system32\DRIVERS\asc.sys

O23 - Service: asc3550 - Advanced System Products, Inc. - C:\WINDOWS\system32\DRIVERS\asc3550.sys

O23 - Service: avast!antivirus - Unknown owner - (file missing)

O23 - Service: dac2w2k - Mylex Corporation - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

**O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys

O23 - Service: mraid35x - American Megatrends Inc. - C:\WINDOWS\system32\DRIVERS\mraid35x.sys

O23 - Service: ql1080 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql1080.sys

O23 - Service: ql12160 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql12160.sys

O23 - Service: ql1280 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql1280.sys

O23 - Service: SIS AGP Bus Filter (sisagp) - Silicon Integrated Systems Corporation - C:\WINDOWS\system32\DRIVERS\sisagp.sys

O23 - Service: Sparrow - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\sparrow.sys

O23 - Service: symc810 - Symbios Logic Inc. - C:\WINDOWS\system32\DRIVERS\symc810.sys

O23 - Service: symc8xx - LSI Logic - C:\WINDOWS\system32\DRIVERS\symc8xx.sys

O23 - Service: sym_hi - LSI Logic - C:\WINDOWS\system32\DRIVERS\sym_hi.sys

O23 - Service: sym_u3 - LSI Logic - C:\WINDOWS\system32\DRIVERS\sym_u3.sys

O23 - Service: ultra - Promise Technology, Inc. - C:\WINDOWS\system32\DRIVERS\ultra.sys

114 Servicios.

52 de Carga Automatica.

44 de Carga Manual.

18 Deshabilitados.

Mensaje por **msc hotline sat** » 05 Jun 2009, 07:49

Sí, claro, este fichero es sospechoso, lo analizaremos e informaremos

y del log posteado, vemos este sospechoso:

jbnmcd.dll

que quizas está en C:\windows\system32\, sino buesquelo con Inicio -> Buscar y envienoslo tambien, con estos otros:

C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe

(muevalo primero a C:\muestras con el ELIMOVER, marcando la casilla de añadir .VIR al original)

y envienos tambien:

C:\Documents and Settings\LocalService\Application Data\1361538659.exe

C:\WINDOWS\dhcp\svchost.exe

C:\WINDOWS\system32\drivers\fips32cup.sys

C:\WINDOWS\system32\drivers\securentm.sys

C:\WINDOWS\system32\sopidkc.exe

C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys

>~~[b]~~ENVIO DE MUESTRAS Y

ELIMINACION DE CLAVES - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

Tras recibirlos, los analizaremos e implementaremos su control y eliminacion,

si procede, en nuestras utilidades, de lo cual informaremos

saludos

ms, 4-6-2009

[quote="Descarga de ELIMOVER:"]
http://www.zonavirus.com/descargas/elimover.asp[/quote]

Ginna Martinez · Mensaje por **Ginna Martinez** » 05 Jun 2009, 15:39

Amigos,

Ya envie las muestras, un saludo y gracias por toda su ayuda

Ginna Besos :D :D :D

Mensaje por **msc hotline sat** » 05 Jun 2009, 21:38

En cuanto el lunes nos reincorporemos al trabajo en SATINFO, los analizaremos y obraremos en consecuencia, de lo cual le informaremos

Mientras, puede añadir .VIR a la extension de dichos ficheros para que no se pongan en uso a partir del proximo reinicio, y si con alguno no hace falta, ya lo veremos y lo restableceremos a su extension original

saludos

ms, 5-6-2009.

Ginna Martinez · Mensaje por **Ginna Martinez** » 08 Jun 2009, 13:59

Amigos,

Estoy a la espera impaciente de su respuesta y solución, un abrazo

Ginna, :wink: :wink:

Mensaje por **msc hotline sat** » 08 Jun 2009, 15:48

Estamos en ello, son varios ficheros que vamos "colando" entre las muestras de clientes, y esperamos que con el ELISTARA 18.77 de esta tarde, ya se controlarán todos, rootkit, fraudtool malware doctor, ad clicker, trojan agent, downloaders, etc.

Cuando subamos la utilidad en cuestión ya informaremos.

saludos.

ms, 8-6-2009

Ginna Martinez · Mensaje por **Ginna Martinez** » 09 Jun 2009, 14:25

Amigos,

Muchas gracias por el nuevo ELISTARA , lo descargue hace unos momentos y elimino varias cosas y pareciera que deje de tener el probglema, pero todavia el Spyware Doctor que tengo sigue detectando un TROJAN-Downloader.Adpclient en el archivo comsa32.sys de C:\WINDOWS\SYSTEM32

Nota. Este Spyware Doctor lo detecta lo elimina y al rato vuelve a aparecer, asi sucesivamente, no se si es bueno o malo pero creo que esta muestra los puede ayudar

Les estoy enviando la muestra

Un abrazo besos y muchas gracias

Ginna

Mensaje por **msc hotline sat** » 09 Jun 2009, 15:20

Pues analizaremos la muestra y la pasaremos a controlar, pero si dice que tras eliminarlo vuelve a aparecer, igual hay un dropper o un downloader que lo regenera o un rootkit que lo oculta. Por si acasno pruebe de eliminarlo arrancando en modo seguro y nos comenta el resultado, a ver si asi se elimina del todo...

saludos

ms, 9-6-2009

"Malware Doctor" & "Adpclient" & "svchosts" Trojans (SOLUCIONADO)

"Malware Doctor" & "Adpclient" & "svchosts" Trojans (SOLUCIONADO)

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor v1.0"

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans

Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans