Necesito su consejo!!!! (Solucionado)

Bird · Mensaje por **Bird** » 22 Ago 2004, 19:20

Hola a todos otra vez!!

Heme aki otravez lidiando con el spyware, recien acabo de emigrar al xp y ya encuentro posibles problemas, pero antes de hacer cualquier cosa que gracias a ustedes aprendi (correr en modo seguro, deshabilitar restaurar sistema...etc etc) necesito de su consejo, ya que no se si todo lo que me encuentra el spybot o el ad-aware sea malo, el spy bot me detecta lo siguiente:

1. BFast

2. Alexa Related

3. DoubleClick

4. DSO Exploit (Ya habia aplicado el dsostop2 y mi equipo esta protegido, entonces por que aparece?)

5. HitBox

6. MediaPlex

Corri el Norton actualizado y no me detecta nada.

Por otra parte les dejo mi log del Ad-Aware que me detecto bastantes cosas:

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Domingo, 22 de Agosto de 2004 12:47:54 a.m.

Created with Ad-aware Personal, free for private use.

Using reference-file :01R338 19.08.2004

______________________________________________________

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

22-08-2004 12:47:54 a.m. - Scan started. (Smart mode)

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 22-08-2004 03:03:50 a.m.

BasePriority : Normal

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 22-08-2004 03:03:54 a.m.

BasePriority : High

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 22-08-2004 03:03:54 a.m.

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.

CompanyName : Microsoft Corporation

FileDescription : Aplicaci

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Sistema operativo Microsoft

Created on : 24/08/2001 03:00:00 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 24/08/2001 03:00:00 p.m.

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 22-08-2004 03:03:54 a.m.

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 09/09/2002 11:51:32 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 09/09/2002 11:51:32 p.m.

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 22-08-2004 03:03:55 a.m.

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 24/08/2001 03:00:00 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 24/08/2001 03:00:00 p.m.

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 22-08-2004 03:03:55 a.m.

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 24/08/2001 03:00:00 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 24/08/2001 03:00:00 p.m.

#:7 [ccsetmgr.exe]

FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\

ThreadCreationTime : 22-08-2004 03:03:58 a.m.

BasePriority : Normal

FileSize : 229 KB

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

OriginalFilename : ccSetMgr.exe

ProductName : Common Client

Created on : 19/08/2003 10:58:50 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2003 10:58:50 p.m.

#:8 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 22-08-2004 03:03:59 a.m.

BasePriority : Normal

FileSize : 983 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Explorador de Windows

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Sistema operativo Microsoft

Created on : 09/09/2002 11:51:28 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 09/09/2002 11:51:28 p.m.

#:9 [ccevtmgr.exe]

FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\

ThreadCreationTime : 22-08-2004 03:03:59 a.m.

BasePriority : Normal

FileSize : 249 KB

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

OriginalFilename : ccEvtMgr.exe

ProductName : Common Client

Created on : 19/08/2003 10:56:12 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2003 10:56:12 p.m.

#:10 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 22-08-2004 03:04:00 a.m.

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 24/08/2001 03:00:00 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 24/08/2001 03:00:00 p.m.

#:11 [ccapp.exe]

FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\

ThreadCreationTime : 22-08-2004 03:04:06 a.m.

BasePriority : Normal

FileSize : 69 KB

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Symantec Common Client User Session

InternalName : ccApp

OriginalFilename : ccApp.exe

ProductName : Common Client

Created on : 19/08/2003 10:55:56 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2003 10:55:56 p.m.

#:12 [directcd.exe]

FilePath : C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\

ThreadCreationTime : 22-08-2004 03:04:06 a.m.

BasePriority : Normal

FileSize : 640 KB

FileVersion : 5.10 (115)

ProductVersion : 5.10 (115)

Copyright : Copyright

CompanyName : Roxio

FileDescription : DirectCD Application

InternalName : DirectCD

OriginalFilename : Directcd.exe

ProductName : DirectCD

Created on : 14/09/2001 04:34:38 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 14/09/2001 04:34:38 p.m.

#:13 [ctfmon.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 22-08-2004 03:04:06 a.m.

BasePriority : Normal

FileSize : 13 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

OriginalFilename : CTFMON.EXE

ProductName : Microsoft

Created on : 09/09/2002 11:51:26 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 09/09/2002 11:51:26 p.m.

#:14 [mdm.exe]

FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\

ThreadCreationTime : 22-08-2004 03:05:06 a.m.

BasePriority : Normal

FileSize : 264 KB

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

Copyright : Copyright (C) Microsoft Corp. 1997-2000

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

OriginalFilename : mdm.exe

ProductName : Microsoft Development Environment

Created on : 23/02/2001 03:07:30 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 23/02/2001 03:07:30 p.m.

#:15 [navapsvc.exe]

FilePath : C:\Archivos de programa\Norton AntiVirus\

ThreadCreationTime : 22-08-2004 03:05:06 a.m.

BasePriority : Normal

FileSize : 155 KB

FileVersion : 10.00.2

ProductVersion : 10.00.2

Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 18/08/2004 06:00:21 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 12/05/2004 07:53:44 p.m.

#:16 [savscan.exe]

FilePath : C:\Archivos de programa\Norton AntiVirus\

ThreadCreationTime : 22-08-2004 03:05:28 a.m.

BasePriority : Normal

FileSize : 189 KB

FileVersion : 9.2.1.14

ProductVersion : 9.2

Copyright : Copyright (c) 2003 Symantec Corporation

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus Scanner

InternalName : SAVSCAN

OriginalFilename : SAVSCAN.EXE

ProductName : Symantec AntiVirus AutoProtect

Created on : 18/08/2004 05:48:27 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 08/11/2003 12:46:58 a.m.

#:17 [msmsgs.exe]

FilePath : C:\Archivos de programa\Messenger\

ThreadCreationTime : 22-08-2004 05:47:13 a.m.

BasePriority : Normal

FileSize : 1476 KB

FileVersion : 4.7.0041

ProductVersion : Version 4.7

Copyright : Copyright (c) Microsoft Corporation 1997-2001

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

OriginalFilename : msmsgs.exe

ProductName : Messenger

Created on : 17/08/2004 08:21:50 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 20/08/2002 08:08:38 p.m.

#:18 [ad-aware.exe]

FilePath : C:\ARCHIV~1\LAVASOFT\AD-AWA~1\

ThreadCreationTime : 22-08-2004 05:47:40 a.m.

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 22/08/2004 05:32:46 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 13/07/2003 02:00:20 a.m.

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 1

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 1

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!

Type : File

Data : alfredo@hitbox[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 22/08/2004 03:14:25 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 22/08/2004 03:22:28 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@ehg-dig.hitbox[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

FileSize : 1 KB

Created on : 22/08/2004 03:14:28 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 22/08/2004 03:22:28 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@doubleclick[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 03:20:57 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 03:21:32 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@casalemedia[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 04:37:50 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 04:37:52 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@as-us.falkag[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 04:37:55 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 04:37:56 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@gator[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 04:37:55 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 04:37:56 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@z1.adserver[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 04:40:26 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 04:40:28 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@realmedia[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 06:59:09 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 06:59:10 p.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@fastclick[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 04:38:35 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 07:12:20 p.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@zedo[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 07:12:17 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 07:12:24 p.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@mediaplex[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 19/08/2004 10:01:55 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 19/08/2004 10:01:56 p.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@ehg-chrysler.hitbox[1].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

FileSize : 1 KB

Created on : 20/08/2004 12:48:06 a.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 20/08/2004 12:48:58 a.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@cgi-bin[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 21/08/2004 04:02:06 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 21/08/2004 04:02:08 p.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@adserver.hispavista[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 21/08/2004 04:06:23 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 21/08/2004 04:06:26 p.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@promo.match[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 21/08/2004 04:59:08 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 21/08/2004 04:59:10 p.m.

Tracking Cookie Object recognized!

Type : File

Data : alfredo@bfast[2].txt

Object : C:\Documents and Settings\Alfredo\Cookies\

Created on : 21/08/2004 05:49:29 p.m.

Last accessed : 22/08/2004 05:00:00 a.m.

Last modified : 21/08/2004 05:49:36 p.m.

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 17

12:50:55 a.m. Scan complete

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:03:00:990

Objects scanned :44793

Objects identified :17

Objects ignored :0

New objects :17

[color=darkred]Disculpen la molestia del enorme log, y agradezco de antema su consejo.[/color]

Salu2 a to2. :)

Amarant_bore · Mensaje por **Amarant_bore** » 22 Ago 2004, 20:18

Supongo que queres decir que recien instalaste XP

Para empezar el Ad-ware no es un antivirus y hay ciertas cosas que detecta que en realidad envian datos de registro de software entre otras cosas.

Cuando yo empeze instalando el XP y probe el Ad-ware me detecto un objeto (Alexa related) y lo borre.

No paso nada pero por las dudas el Ad-ware te hace copias de respaldo

si te llega a traer problemas eliminarlo lo recuperas y listo.

Del SpyBot no te puedo ayudar porque no pusiste un log y nisiquiera pusiste que te detecto.

Espero que esto te ayude.

Salu2

Bird · Mensaje por **Bird** » 22 Ago 2004, 20:32

Gracias Amarant_bore, pues si por lo mismo estoy pidiendo consejos, para saber si en realidad me causaran problemas....y si puse que me detecta el spybot, si chekas bien es la primera lista...

Saludos

caito · Mensaje por **caito** » 22 Ago 2004, 21:03

Lo primero es actualizar el XP , andá a windows update y hacélo.

Despues bajá la última v. del Adaware ( antes debes borrar la anterior ) :

http://www.majorgeeks.com/download506.html

el DSO exploit es un bug del Spy no hay problema.

Salu2

Caito

Bird · Mensaje por **Bird** » 23 Ago 2004, 06:30

ok, todo esta ahora actualizado...listo para seguir tu consejo caito...

:)

Mensaje por **maura63** » 23 Ago 2004, 09:34

Y para el DSO EXPLOIT sea bug o no que hay duda, simplemente con poner el valor 1004 D_WORD en (3) en cada entrada que detecte spybot es suficiente.

Normalmente salen 6 entradas, la utilidad de antidso soluciona dos, con el cambio de valor se soluciona.

Saludos

maura63

Bird · Mensaje por **Bird** » 24 Ago 2004, 06:08

Si, solo tengo una duda maura63, se cambian los ceros, por tres? o q número es el q se cambia?

Todo lo demas q me detecta el ad-aware lo elimino?

Gracias

Saludos

:)

Bird · Mensaje por **Bird** » 26 Ago 2004, 03:42

Algun consejo??

:?:

Saludos

caito · Mensaje por **caito** » 26 Ago 2004, 04:47

Yo personalmente elimino todo lo que me marca el Adaware y el SpyBot.

en cuanto al DSO Exploit mira este tópico :

https://foros.zonavirus.com/viewtopic.php?t=1608

Salu2

Caito

Mensaje por **maura63** » 26 Ago 2004, 08:27

En "Información del valor" (Base 'Hexadecimal'), cambiamos el "0" por un "3" y seleccionamos "Aceptar".

[color=darkred]En la columna datos debería quedar algo como 0x00000003 (3) [/color]

Salimos del editor del registro (menú "Registro", "Salir"), y reiniciamos nuestra computadora.

Cambiando ese valor en todas las entradas adios dso/exploit.

Y todo lo que te detecte Spybot o Ad_aware lo eliminas sin mayor problema.

Damos por Solucionado el tema.

Saludos

maura63

Saludos

maura63