Eliminar entradas o claves Hijackthis

furthermore · Mensaje por **furthermore** » 22 Ago 2007, 18:58

Estoy intentando eliminar las ventanas del CiD.

Despues de actualizar Windows, pasar 200 anti-spyware y seguir los pasos que vosotros indicáis (enlistara, mode seguro, hijackthis), ahora cualquiera se atreve a borrar nada aunque hay una cosa por ahí sin fichero y un owns blue que no me suena de nada.... Adjunto log.

Muchísimas gracias

Logfile of HijackThis v1.99.1

Scan saved at 18:39:36, on 22/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\aamayaam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Defy Inside Proc Heart] C:\Documents and Settings\All Users\Application Data\burn download defy inside\Owns Blue.exe

O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: SSO - {2FBE4EA9-CA44-470A-98EF-142DE942AA76} - https://sso.capgemini.com/autologon.asp?url=home (file missing) (HKCU)

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://digitalfuel.webex.com/client/T25L/webex/ieatgpc.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spain.capgemini.com

O17 - HKLM\Software\..\Telephony: DomainName = spain.capgemini.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{661B47E7-C18A-43CE-99FC-891AA148B705}: NameServer = 80.58.61.250,80.58.61.254

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spain.capgemini.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Unknown owner - C:\Program Files\Equant\Dialer\EACSvrMngr.exe

O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Unknown owner - C:\Program Files\Equant\Dialer\EACSys.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

furthermore · Mensaje por **furthermore** » 23 Ago 2007, 10:46

No había puesto el log de Elistara. Lo adjunto.

Muchísimas gracias por vuestra ayuda, estoy verdaderamente desesperada con las ventanitas...

Wed Aug 22 18:10:35 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminada Clave "HKLM\...\Image File Execution Options\Your Image File Name Here without a path"

Restaurado fichero de Configuración del IE, (IERESET.INF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Wed Aug 22 18:14:20 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

[quote="furthermore"]Estoy intentando eliminar las ventanas del CiD.

Despues de actualizar Windows, pasar 200 anti-spyware y seguir los pasos que vosotros indicáis (enlistara, mode seguro, hijackthis), ahora cualquiera se atreve a borrar nada aunque hay una cosa por ahí sin fichero y un owns blue que no me suena de nada.... Adjunto log.

Muchísimas gracias

Logfile of HijackThis v1.99.1

Scan saved at 18:39:36, on 22/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\aamayaam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Defy Inside Proc Heart] C:\Documents and Settings\All Users\Application Data\burn download defy inside\Owns Blue.exe

O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: SSO - {2FBE4EA9-CA44-470A-98EF-142DE942AA76} - https://sso.capgemini.com/autologon.asp?url=home (file missing) (HKCU)

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://digitalfuel.webex.com/client/T25L/webex/ieatgpc.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spain.capgemini.com

O17 - HKLM\Software\..\Telephony: DomainName = spain.capgemini.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{661B47E7-C18A-43CE-99FC-891AA148B705}: NameServer = 80.58.61.250,80.58.61.254

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spain.capgemini.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Unknown owner - C:\Program Files\Equant\Dialer\EACSvrMngr.exe

O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Unknown owner - C:\Program Files\Equant\Dialer\EACSys.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe[/quote]

Mensaje por **msc hotline sat** » 23 Ago 2007, 13:27

Pues ya cuando pasate el ELISTARA si es que ha habido CiD, ya no estaba, pudiendo solo quedar restos, como esta clave:

O4 - HKLM\..\Run: [Defy Inside Proc Heart] C:\Documents and Settings\All Users\Application Data\burn download defy inside\Owns Blue.exe

Enviando el fichero que lanza:

C:\Documents and Settings\All Users\Application Data\burn download defy inside\Owns Blue.exe

->~~[b]~~ Para ello recordar[/b]: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334

y lo analizaremos, para, si es virus, proceder a la eliminación de dicha clave

y aparte de enviarnoslo para su control en posteriores versiones del ELISTARA, si es el caso, subalo al VirusTotal y nos postea el resultado, para obrar en consecuencia:

https://www.virustotal.com/es/

saludos

ms, 23-08-2007

furthermore · Mensaje por **furthermore** » 23 Ago 2007, 15:27

Parece que eliminando esa clave han desaparecido las pop-ups.............Mil gracias!!!!!!!!!

El resultado de VirusTotal efectivamente detecta que el archivo es maligno...

Posteo el resultado

Motor antivirus Versión Última actualización Resultado

AhnLab-V3 2007.8.22.0 2007.08.23 -

AntiVir 7.4.1.63 2007.08.23 -

Authentium 4.93.8 2007.08.22 -

Avast 4.7.1029.0 2007.08.22 Win32:Obfuscated-BPS

AVG 7.5.0.484 2007.08.22 Downloader.Obfuskated

BitDefender 7.2 2007.08.23 Trojan.FatObfus.2.Gen

CAT-QuickHeal 9.00 2007.08.23 -

ClamAV 0.91 2007.08.23 -

DrWeb 4.33 2007.08.23 -

eSafe 7.0.15.0 2007.08.23 -

eTrust-Vet 31.1.5082 2007.08.23 -

Ewido 4.0 2007.08.23 -

FileAdvisor 1 2007.08.23 -

Fortinet 2.91.0.0 2007.08.23 -

F-Prot 4.3.2.48 2007.08.22 -

F-Secure 6.70.13030.0 2007.08.23 Trojan.Win32.Obfuscated.en

Ikarus T3.1.1.12 2007.08.23 not-a-virus:AdWare.Win32.Lop.ag

Kaspersky 4.0.2.24 2007.08.23 Trojan.Win32.Obfuscated.en

McAfee 5103 2007.08.22 -

Microsoft 1.2803 2007.08.23 -

NOD32v2 2479 2007.08.23 -

Norman 5.80.02 2007.08.22 -

Panda 9.0.0.4 2007.08.23 Suspicious file

Prevx1 V2 2007.08.23 Adware.Lop

Rising 19.37.32.00 2007.08.23 Trojan.FatObfus.q

Sophos 4.20.0 2007.08.23 -

Sunbelt 2.2.907.0 2007.08.23 VIPRE.Suspicious

Symantec 10 2007.08.23 -

TheHacker 6.1.8.171 2007.08.23 -

VBA32 3.12.2.3 2007.08.23 MalwareScope.Trojan-Downloader.Obfuscated.2

VirusBuster 4.3.26:9 2007.08.22 -

Webwasher-Gateway 6.0.1 2007.08.23 Win32.Malware.gen (suspicious)

Información adicional

Tama?rchivo: 2462208 bytes

MD5: 62d365c56eb35583c8e34f456dc61cf0

SHA1: 107cc1dec2a1015d5fc01c8387523525eb8c64fe

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=F391481200C57555923325815844A200FF6E9C8F

Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Mensaje por **msc hotline sat** » 23 Ago 2007, 20:44

Pues envienos este fichero para analizar, como le indicamos, y asi implementaremos su control y eliminacion en nuestras utilidades.

saludos

ms, 23-08-2007

Mensaje por **msc hotline sat** » 01 Sep 2007, 11:18

Recibido fichero, se detecta nueva variante de SWIZZOR que pasamos a controlar a partir de ELISTARA 14.55

ELISTARA:

http://www.zonavirus.com/descargas/elistara.asp

Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso

saludos

ms, 1-09-2007

Eliminar entradas o claves Hijackthis

Eliminar entradas o claves Hijackthis

Re: Eliminar entradas o claves Hijackthis

Por fin!!!!!!!!! Resultado Virus Total