CARPETAS EXTRAÑAS EN WINDOWS/APPLICATION DATA (SOLUCIONADO)

carmen2305 · Mensaje por **carmen2305** » 17 Sep 2007, 20:08

[color=blue]muy buenas!

Esta tarde he pasado el elistara y me ha salido esto:

Mon Sep 17 19:02:37 2007

EliStartPage v14.65 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Linea Eliminada del HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.win-anti-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.win-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantiviruspro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.windrivesafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winsoftware.com ## added by CiD

Mon Sep 17 19:02:56 2007

EliStartPage v14.65 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\MessengerPlus! 3\MSGPLUSLOADER.DLL --> Acceso Denegado, Puper (dropper)

C:\WINDOWS\Application Data\aboutokayforddefault\BYTE BOLD.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\HEARTFREE.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\ONE JUNK.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\MIX SIXTH.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\ITCH REAL.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\DOGCASH.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\MEOW GRIM.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\DENT BIND.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\OBJMETA.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\WINTRAY.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\EGGS THIS.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\2 DASH.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\LITE 16.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\PLAN LIES.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\FACEBIB.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\DATAPOKE.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\DEFY SKIP.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\BATOPEN.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\DELETEGRAM.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\USER ONLINE.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\BOLT HECK.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\BALM THAT.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\LICENSE SIGN.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\MEET INSIDE.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\MEAL INFO.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\AUDIO GLUE.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\NEW DENT.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\AUDIOINTERNET.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\HOLE HOPE.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\SOFTWARE INTRA.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\GRIM LOGO.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\FLAG MEDIA.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\KEEP WEB.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\SHIM ADMIN.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\ERROREACH.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\aboutokayforddefault\ITCH DELETE.EXE --> Eliminado, Swizzor(lop)

:shock: MARAVILLOSA LIMPIEZA!!

Sin embargo he entrado en windows/application data y todavia sigue la carpeta "abourokayforddefault" viva, es mas, dentro tiene un archivo llamado "findfree"

Junto a esta carpeta tambien tengo otra llamada "firvemeowdelete", en la que el elistara tambien me hizo una limpieza parecida hace una semanas

dentro de esta otra carpeta tambien hay muchos archivos en plan "pfknnlnp" o "trus flaw face support".

Ademas tengo otra carpeta llamada "chic bird part mags". El nombre me parece un poco raro, simplemente saber si pudiera ser tambien algo sospechoso. Dentro tiene archivos tales como "else log" o "trust chin".

La cuestion de todo esto es preguntaros si puede ser que todos estos archivos que han quedado dentro de las carpetas pueden ser virus que el elistara no detecta, o si son archivos sin peligro ninguno.

En internet no paran de salirme pantallas del CID este que indica el elistara, y me lo ralentiza bastante el ordenador.

Por si un caso os envio tambien el log del hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 19:49:40, on 17/09/07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\ARCHIVOS DE PROGRAMA\MESSENGERPLUS! 3\MSGPLUS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\ES\MSNAPPAU.EXE

C:\ARCHIVOS DE PROGRAMA\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\ARCHIVOS DE PROGRAMA\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\LVCOMSX.EXE

C:\ARCHIVOS DE PROGRAMA\LOGITECH\VIDEO\LOGITRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\ARCHIVOS DE PROGRAMA\WINAMP\WINAMPA.EXE

C:\WINDOWS\TASKMON.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE

C:\ARCHIVOS DE PROGRAMA\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

C:\WINDOWS\TWAIN_32\A4S2_32\WATCH.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE

C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\WINWORD.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\NOTEPAD.EXE

C:\ARCHIVOS DE PROGRAMA\WINRAR\WINRAR.EXE

C:\WINDOWS\TEMP\RAR$EX00.588\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://vsacbdhhecvfdjxdjixk.net/MFQuP3G4tJIwUgWQWp75vDeTyNFUeOT4rWnE0yQP7QeqInjJ4g0han_ecBIh7xl9.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\WINDOWS\IDIALER\WANADOO TURBO\PBHELPER.DLL

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL

O2 - BHO: (no name) - {077A6522-398A-6FE3-9CCA-D3F127B2C300} - C:\WINDOWS\APPLICATION DATA\WEB WAVE ONLINE\SUPPORT ACTIVE.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Archivos de programa\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Archivos de programa\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\es\msnappau.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Archivos de programa\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Archivos de programa\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe

O4 - HKLM\..\Run: [partmagsbodywindow] C:\WINDOWS\Application Data\chic bird part mags\REAL WIN.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\RunOnce: [ReEXEc] C:\MIS DOCUMENTOS\CARMEN\PROGRAMAS\ELISTARA.26092007.EXE

O4 - HKCU\..\Run: [FourCool] C:\WINDOWS\APPLIC~1\SAVEWA~1\Poll sign.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [PROXYIDOL] C:\WINDOWS\APPLIC~1\FIVEME~1\Info cool hole.exe

O4 - Startup: Avisos del Calendario de Microsoft Works.lnk = C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Startup: DSLMON.LNK = C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_32\WATCH.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYES

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O12 - Plugin for .pdf: C:\ARCHIV~1\INTERN~1\PLUGINS\nppdf32.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elfitatiphertz.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=17bca63f5135903c3f351d0616681d78/aff=t_25oa_esca_wg/p/release/playfirst/wg_dinerdash2/dinerdash2/DinerDash2.1.0.0.48.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://webgames.d.tmsrv.com/c=17bca63f5135903c3f351d0616681d78/aff=t_25oa_esca_wg/p/release/playfirst/wg_dinerdash/dinerdash/DinerDash.1.0.0.58.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: JT's Blocks - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=ca9709484fc64e2314d875a50c26ebe7/aff=t_25oa_esca_wg/p/release/mumbo/wg_luxor/luxor/mjolauncher.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab

O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://webgames.d.tmsrv.com/c=fc2f404d19109930bc593c55995ef5d3/aff=t_25oa_esca_wg/p/release/playfirst/wg_floonthego/floonthego/ddfotg.1.0.0.33.cab

Espero que me podais ayudar, estoy segura que aqui habra de todo un poco. :wink:

GRACIAS Y BESOS!!!!!

CARMEN[/color]

Mensaje por **lucl** » 17 Sep 2007, 20:36

Pues complementa pasando elitriip, y si quieres envianos para su analisis esos archivos que comentas, o si quieres para ganar tiempo subelos a virustotal y a ver que te dicen, nos comentas, saludos

http://www.zonavirus.com/descargas/elitriip.asp

http://www.virustotal.com

Mensaje por **msc hotline sat** » 17 Sep 2007, 21:21

Tienes estos ficheros sospechosos:

C:\WINDOWS\Application Data\chic bird part mags\REAL WIN.exe

C:\WINDOWS\APPLIC~1\SAVEWA~1\Poll sign.exe

C:\WINDOWS\APPLIC~1\FIVEME~1\Info cool hole.exe

envianoslos para analizar y mientras renombra sus extensiones a .VIR

Aparte elimina estas claves:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYES

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

->~~[b]~~ Para ello recordar[/b]: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334

saludos

ms, 17-09-2007

~~[b]~~NOTA: Y DESINSTALA EL MESSENGER PLUS, QUE ES POR DONDE PUDO ENTRAR TODO !!! ES UN FOCO DE ADWARES... [/b]

carmen2305 · Mensaje por **carmen2305** » 18 Sep 2007, 01:18

Hola otra vez!

He pasado el elitrip y no detecta nada.

Muy a pesar mio voy a desinstalar el messenger plus, pero esque no se como hacerlo, no encuentro ninguna opcion para desinstalar, no se si podreis ayudarme.

He eliminado estas claves:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYES

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

Tambien os envio los ficheros que me pedis, pero no se que hacer con el resto, tengo todos estos:

en carpeta ABOUTOKAYFORDDEFAULT:

findfree

en carpeta CHIC BIRD PART MAGS:

delyplay

delete two

else log

exit lso

filmextra

locksmemo

real win

rectpoll

trust chin

en carpeta FIVEMEOWDELETE:

bhowksop

ddwusaos

gacbqshd

hkyuxpsa

ilixcbqi

info cool hole

kkdyezwp

kymgierp

mbjbtgqu

ocuzdpdi

ofsokmkn

pfknnlnp

trust flaw face support

vrcqircp

vtjknnfp

wcpskmde

xbuyewdb

zhxcjehb

Por ultimo os envio log del hijackthis y elistara de nuevo:

Logfile of HijackThis v1.99.1

Scan saved at 0:56:11, on 18/09/07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\ARCHIVOS DE PROGRAMA\MESSENGERPLUS! 3\MSGPLUS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\ES\MSNAPPAU.EXE

C:\ARCHIVOS DE PROGRAMA\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\ARCHIVOS DE PROGRAMA\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\LVCOMSX.EXE

C:\ARCHIVOS DE PROGRAMA\LOGITECH\VIDEO\LOGITRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\ARCHIVOS DE PROGRAMA\WINAMP\WINAMPA.EXE

C:\WINDOWS\TASKMON.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE

C:\ARCHIVOS DE PROGRAMA\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

C:\WINDOWS\TWAIN_32\A4S2_32\WATCH.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\ARCHIVOS DE PROGRAMA\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE

C:\ARCHIVOS DE PROGRAMA\LOGITECH\VIDEO\FXSVR2.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\ARCHIVOS DE PROGRAMA\WINRAR\WINRAR.EXE

C:\WINDOWS\TEMP\RAR$EX00.277\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aswlhzdwbgzio.com/MFQuP3G4tJIwUgWQWp75vDeTyNFUeOT4rWnE0yQP7QfgDHQ06DX4PW_ecBIh7xl9.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imtshuhfetmfngw.net/MFQuP3G4tJKt23mdL9_E2XPE00zIboWKhA1I6TDjFqw.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\WINDOWS\IDIALER\WANADOO TURBO\PBHELPER.DLL

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL

O2 - BHO: (no name) - {077A6522-398A-6FE3-9CCA-D3F127B2C300} - C:\WINDOWS\APPLICATION DATA\WEB WAVE ONLINE\SUPPORT ACTIVE.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\ES\MSNTB.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Archivos de programa\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Archivos de programa\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\es\msnappau.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Archivos de programa\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Archivos de programa\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe

O4 - HKLM\..\Run: [partmagsbodywindow] C:\WINDOWS\Application Data\chic bird part mags\REAL WIN.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [FourCool] C:\WINDOWS\APPLIC~1\SAVEWA~1\Poll sign.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [PROXYIDOL] C:\WINDOWS\APPLIC~1\FIVEME~1\Info cool hole.exe

O4 - Startup: Avisos del Calendario de Microsoft Works.lnk = C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Startup: DSLMON.LNK = C:\Archivos de programa\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_32\WATCH.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O12 - Plugin for .pdf: C:\ARCHIV~1\INTERN~1\PLUGINS\nppdf32.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elfitatiphertz.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=17bca63f5135903c3f351d0616681d78/aff=t_25oa_esca_wg/p/release/playfirst/wg_dinerdash2/dinerdash2/DinerDash2.1.0.0.48.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://webgames.d.tmsrv.com/c=17bca63f5135903c3f351d0616681d78/aff=t_25oa_esca_wg/p/release/playfirst/wg_dinerdash/dinerdash/DinerDash.1.0.0.58.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: JT's Blocks - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=ca9709484fc64e2314d875a50c26ebe7/aff=t_25oa_esca_wg/p/release/mumbo/wg_luxor/luxor/mjolauncher.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab

O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://webgames.d.tmsrv.com/c=fc2f404d19109930bc593c55995ef5d3/aff=t_25oa_esca_wg/p/release/playfirst/wg_floonthego/floonthego/ddfotg.1.0.0.33.cab

Tue Sep 18 00:57:34 2007

EliStartPage v14.65 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Linea Eliminada del HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.win-anti-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.win-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantiviruspro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.windrivesafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winsoftware.com ## added by CiD

Tue Sep 18 00:57:42 2007

EliStartPage v14.65 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\MessengerPlus! 3\MSGPLUSLOADER.DLL --> Acceso Denegado, Puper (dropper)

Gracias!

Mensaje por **msc hotline sat** » 18 Sep 2007, 04:59

Envianos muestras de estos ficheros sospechosos para analizar:

C:\WINDOWS\APPLICATION DATA\WEB WAVE ONLINE\SUPPORT ACTIVE.EXE

C:\WINDOWS\Application Data\chic bird part mags\REAL WIN.exe

C:\WINDOWS\APPLIC~1\SAVEWA~1\Poll sign.exe

C:\WINDOWS\APPLIC~1\FIVEME~1\Info cool hole.exe

->~~[b]~~ Para ello recordar[/b]: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334

y desinstala el Messenger PLUS , posible origen de tus problemas. Es un foco de adwares !!!

Sobre las carpetas indicadas, no las han creado nuestras utilidades... Vea qué otras herramientas ha usado y consulte su manual al respecto ???

saludos

ms, 18-09-2007

Nota: visto lo que dices del Messenger Plus, y vista la ultima linea del infosat.txt:

C:\Archivos de programa\MessengerPlus! 3\MSGPLUSLOADER.DLL --> Acceso Denegado, Puper (dropper)

renombra dicho fichero a extension .VIR, y asi tras reiniciar ya no se pondrá en marcha.

saludos

ms, 18-09-2007

carmen2305 · Mensaje por **carmen2305** » 18 Sep 2007, 13:21

El archivo support active.exe acabo de enviarlo.

los otros tres los envie anoche juntos

S0bre las carpetas de las que hablaba, no es que crea que las ha creado las utilidades de satinfo, sino que mas bien creo que pueden haber sido creadas por algun tipo de virus, si eso es posible, y no se si deberia borrarlas directamente.

Lo que no tengo ni idea es como renombrar los ficheros a extension .VIR

Y si hago esto con el fichero de messenger plus, ¿se supone que el messenger plus seguira funcionando o será como si estuviera desinstalado?

Un saludo

Mensaje por **msc hotline sat** » 18 Sep 2007, 13:28

Puedo darte noticias de los tres ficheros que enviastes, son SWIZORS y pasamos a controlarlos con la version 14.66 del ELISTARA de hoy

Sobre como renombrar la extension de los ficheros a .VIR, muy fácil, pulsas boton derecho sobre el fichero, seleccionas cambiar nombre, y añades .VIR a todo él, de manera que la ultima extension, que es la que vale, quedará .VIR, y aceptas, asi ya no se pondra en marcha en el proximo reinicio, luego rearrancas y listos-

El nuevo fichero lo analizaremos cuando se reciba, a ver si nos da tiempo y lo implementamos tambien en las utilidades de hoy, si procde.

saludos

ms, 18-09-2007

Mensaje por **msc hotline sat** » 18 Sep 2007, 13:59

Ha llegado el otro fichero y le hemos dado prioridad, siendo implementado tambien al ELISTARA 14.66 de hoy, por resultar ser otro SWIZOR, aunque muy diferente de los anteriores.

saludos

ms, 18-09-2007

carmen2305 · Mensaje por **carmen2305** » 18 Sep 2007, 21:25

Pues nada, ahi se ve, eliminados los cuatro ficheros, mas uno de regalo.

Muchisimas gracias, os quiero!!

El messenger plus me ha dejado de funcionar... pero bueno, algun sacrificio he tenido que hacer.

De todas maneras, estoy segura que en las carpetas que vengo diciendo, todos los archivos que hay dentro van a ser infecciones, si me dieran mas problemas volveremos a hablar

Gracias otra vez y un saludo

Tue Sep 18 20:48:23 2007

EliStartPage v14.66 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Linea Eliminada del HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.drivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.errorprotector.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.errorsafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.systemdoctor.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.utils.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.win-anti-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.win-virus-pro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispam.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispy.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantispyware.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantivirus.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winantiviruspro.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.windrivecleaner.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.windrivesafe.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winfixer.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winfixer2006.com ## added by CiD

Linea Eliminada del HOSTS --> 127.0.0.1 http://www.winsoftware.com ## added by CiD

Tue Sep 18 20:48:28 2007

EliStartPage v14.66 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\MessengerPlus! 3\MSGPLUSLOADER.DLL --> Acceso Denegado, Puper (dropper)

C:\WINDOWS\Application Data\Save Way Cast\POLL SIGN.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\Save Way Cast\QFVMXUVO.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\Web Wave Online\SUPPORT ACTIVE.EXE --> Acceso Denegado, Swizzor(lop)

C:\WINDOWS\Application Data\Fivemeowdelete\INFO COOL HOLE.EXE --> Eliminado, Swizzor(lop)

C:\WINDOWS\Application Data\chic bird part mags\REAL WIN.EXE --> Eliminado, Swizzor(lop)

Tue Sep 18 20:56:32 2007

EliStartPage v14.66 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Tue Sep 18 20:56:33 2007

EliStartPage v14.66 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\MessengerPlus! 3\MSGPLUSLOADER.VIR --> Eliminado, Puper (dropper)

C:\WINDOWS\Application Data\Web Wave Online\SUPPORT ACTIVE.EXE --> Eliminado, Swizzor(lop)

Mensaje por **msc hotline sat** » 18 Sep 2007, 21:30

Posiblemente fue el mesenger plus el que te descargó estos troyanos, asi que mejor desinstalado !!!

Y Ya dando por solucionado el Tema, procedemos a cerrarlo

Si nos necesitas de nuevo, ya sabes donde estamos

saludos

ms, 18-09-2007