symantec and rootkit (SOLVED)

Closed
conchirrin
Posts: 155
Joined: 09 Feb 2007, 22:28
Location: Barcelona (Spain)


Post by conchirrin » 08 Feb 2008, 18:20

Hi.

With no apparent problem, today I decided to try McAfee Rootkit Detective, and to my surprise it detects one. I suppose that will be normal since I have Norton, but as I'm not sure, I turn to you as always with my doubts. Here is the report it generated.

McAfee(R) Rootkit Detective 1.1 scan report

On 08-02-2008 at 18:06:46

OS-Version 5.1.2600

Service Pack 2.0

====================================



Object-Type: SSDT-hook

Object-Name: ZwAlertResumeThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwAlertThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwAllocateVirtualMemory

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwConnectPort

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwCreateKey

Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS



Object-Type: SSDT-hook

Object-Name: ZwCreateMutant

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwCreateThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwDeleteKey

Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS



Object-Type: SSDT-hook

Object-Name: ZwDeleteValueKey

Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS



Object-Type: SSDT-hook

Object-Name: ZwFreeVirtualMemory

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwImpersonateAnonymousToken

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwImpersonateThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwMapViewOfSection

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwOpenEvent

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwOpenProcess

Object-Path: C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.sys



Object-Type: SSDT-hook

Object-Name: ZwOpenProcessToken

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwOpenThreadToken

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwResumeThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwSetContextThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwSetInformationProcess

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwSetInformationThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwSetValueKey

Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS



Object-Type: SSDT-hook

Object-Name: ZwSuspendProcess

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwSuspendThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwTerminateProcess

Object-Path: C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.sys



Object-Type: SSDT-hook

Object-Name: ZwTerminateThread

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwUnmapViewOfSection

Object-Path: (NULL)



Object-Type: SSDT-hook

Object-Name: ZwWriteVirtualMemory

Object-Path: (NULL)



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04AVG Anti-Spyware 7.5\guard.sys

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: DataEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data

Status: Hidden



Object-Type: Registry-key

Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Status: Hidden



Object-Type: Registry-key

Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}

Status: Hidden



Object-Type: Registry-value

Object-Name: Item Data

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}

Status: Hidden



Object-Type: Registry-value

Object-Name: Display String

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Status: Hidden



Object-Type: Registry-value

Object-Name: Display String

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Status: Hidden



Object-Type: Registry-key

Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2

Status: Hidden



Object-Type: Registry-key

Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows

Status: Hidden



Object-Type: Registry-value

Object-Name: Value

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows

Status: Hidden



Object-Type: Process

Object-Name: msnmsgr.exe

Pid: 3440

Object-Path: C:\Archivos de programa\MSN Messenger\msnmsgr.exe

Status: Visible



Object-Type: Process

Object-Name: explorer.exe

Pid: 1208

Object-Path: C:\WINDOWS\Explorer.EXE

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 340

Object-Path: C:\WINDOWS\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: System Idle Process

Pid: 0

Object-Path:

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 744

Object-Path: C:\WINDOWS\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: atiptaxx.exe

Pid: 1768

Object-Path: C:\ATI-CPanel\atiptaxx.exe

Status: Visible



Object-Type: Process

Object-Name: alg.exe

Pid: 2204

Object-Path: C:\WINDOWS\System32\alg.exe

Status: Visible



Object-Type: Process

Object-Name: lsass.exe

Pid: 592

Object-Path: C:\WINDOWS\system32\lsass.exe

Status: Visible



Object-Type: Process

Object-Name: hpobnz08.exe

Pid: 1740

Object-Path: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

Status: Visible



Object-Type: Process

Object-Name: System

Pid: 4

Object-Path:

Status: Visible



Object-Type: Process

Object-Name: winlogon.exe

Pid: 532

Object-Path: C:\WINDOWS\system32\winlogon.exe

Status: Visible



Object-Type: Process

Object-Name: spoolsv.exe

Pid: 1400

Object-Path: C:\WINDOWS\system32\spoolsv.exe

Status: Visible



Object-Type: Process

Object-Name: ccApp.exe

Pid: 164

Object-Path: C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

Status: Visible



Object-Type: Process

Object-Name: smss.exe

Pid: 444

Object-Path: C:\WINDOWS\System32\smss.exe

Status: Visible



Object-Type: Process

Object-Name: AppleMobileDevi

Pid: 1684

Object-Path: C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

Status: Visible



Object-Type: Process

Object-Name: UnlockerAssista

Pid: 848

Object-Path: C:\Archivos de programa\Unlocker\UnlockerAssistant.exe

Status: Visible



Object-Type: Process

Object-Name: hpoevm08.exe

Pid: 2212

Object-Path: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

Status: Visible



Object-Type: Process

Object-Name: HPZipm12.exe

Pid: 4072

Object-Path: C:\WINDOWS\system32\HPZipm12.exe

Status: Visible



Object-Type: Process

Object-Name: guard.exe

Pid: 1716

Object-Path: C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Status: Visible



Object-Type: Process

Object-Name: EPGService.exe

Pid: 1840

Object-Path: C:\ARCHIV~1\WinTV\EPG Services\System\EPGService.exe

Status: Visible



Object-Type: Process

Object-Name: HCWemmon.exe

Pid: 756

Object-Path: C:\WINDOWS\HCWemmon.exe

Status: Visible



Object-Type: Process

Object-Name: csrss.exe

Pid: 508

Object-Path: C:\WINDOWS\system32\csrss.exe

Status: Visible



Object-Type: File/Folder

Object-Name: ABEBE01F.TMP

Pid: n/a

Object-Path: C:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtETmp\ABEBE01F.TMP

Status: Hidden



Object-Type: Process

Object-Name: ctfmon.exe

Pid: 884

Object-Path: C:\WINDOWS\system32\ctfmon.exe

Status: Visible



Object-Type: Process

Object-Name: ccSvcHst.exe

Pid: 1784

Object-Path: C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe

Status: Visible



Object-Type: Process

Object-Name: AppSvc32.exe

Pid: 1320

Object-Path: C:\Archivos de programa\Archivos comunes\Symantec Shared\AppCore\AppSvc32.exe

Status: Visible



Object-Type: Process

Object-Name: MDM.EXE

Pid: 2004

Object-Path: C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

Status: Visible



Object-Type: Process

Object-Name: services.exe

Pid: 580

Object-Path: C:\WINDOWS\system32\services.exe

Status: Visible



Object-Type: Process

Object-Name: ccSvcHst.exe

Pid: 1076

Object-Path: C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe

Status: Visible



Object-Type: Process

Object-Name: WkUFind.exe

Pid: 1696

Object-Path: C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\WkUFind.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 2968

Object-Path: C:\WINDOWS\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 892

Object-Path: C:\WINDOWS\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: hpotdd01.exe

Pid: 1792

Object-Path: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

Status: Visible



Object-Type: Process

Object-Name: hposts08.exe

Pid: 800

Object-Path: C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

Status: Visible



Object-Type: Process

Object-Name: AluSchedulerSvc

Pid: 180

Object-Path: C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 956

Object-Path: C:\WINDOWS\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: SOUNDMAN.EXE

Pid: 152

Object-Path: C:\WINDOWS\SOUNDMAN.EXE

Status: Visible



Object-Type: Process

Object-Name: Rootkit_Detecti

Pid: 2168

Object-Path: C:\Documents and Settings\CONCHI\Mis documentos\ZONAVIRUS DESCARGAS\McafeeRootkitDetective\Rootkit_Detective.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 804

Object-Path: C:\WINDOWS\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 1052

Object-Path: C:\WINDOWS\system32\svchost.exe

Status: Visible



Scan complete. Found hidden Processes and Files: 1 .

Total files scanned: 64916

I await your reply. Regards.
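The report above is line-oriented and easy to parse, and the triage a reader wants from it is: which driver owns each SSDT hook, which hooks could not be attributed to any module at all, and which hidden objects are expected (SPTD's own configuration key, the ACL-protected Protected Storage hive) versus which deserve a second look. The following Python script is an added example, not part of the original post and not McAfee's code. The report excerpt it parses is constructed from entries in the post plus one invented hidden process (evil.exe, PID 1337) to exercise that branch, and the allow-lists of known security drivers and expected-hidden registry paths are assumptions an analyst would maintain for their own machine, not authoritative data.

```python
"""Parse a McAfee Rootkit Detective 1.1 text report and triage its findings.

Added example; not McAfee's code and not from the original post. Assumes the
report format shown in the post: 'Key: value' lines grouped into records
separated by one or more blank lines, after a line of '=' characters.
"""
import re
from collections import defaultdict

# Constructed excerpt in the report's format: real entries from the post plus
# an invented hidden process (evil.exe) so the review branch has something to show.
SAMPLE_REPORT = r"""
McAfee(R) Rootkit Detective 1.1 scan report
On 08-02-2008 at 18:06:46
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.sys

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: File/Folder
Object-Name: ABEBE01F.TMP
Pid: n/a
Object-Path: C:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtETmp\ABEBE01F.TMP
Status: Hidden

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: evil.exe
Pid: 1337
Object-Path: C:\WINDOWS\Temp\evil.exe
Status: Hidden

Scan complete. Found hidden Processes and Files: 2 .
Total files scanned: 64916
"""

# Analyst-maintained allow-lists (assumptions for this example, not McAfee data).
KNOWN_SECURITY_DRIVERS = ("symevent.sys", "guard.sys")   # Norton and AVG Anti-Spyware on this box
EXPECTED_HIDDEN_REGISTRY = (
    re.compile(r"\\Services\\sptd\\Cfg\\", re.I),               # SPTD driver hides its own config key
    re.compile(r"\\Protected Storage System Provider\\", re.I),  # ACL-protected, readable only as SYSTEM
)

_KV_RE = re.compile(r"^([A-Za-z][\w/-]*):\s*(.*)$")


def parse_report(text):
    """Return the object records that follow the '====' header separator.

    A key with no value (Object-Path for PIDs 0 and 4) is kept as an empty string;
    blocks without an Object-Type (the header, the scan summary) are skipped.
    """
    body = re.split(r"^=+\s*$", text, maxsplit=1, flags=re.M)[-1]
    records = []
    for block in re.split(r"\n\s*\n", body):
        rec = {}
        for line in block.splitlines():
            m = _KV_RE.match(line.strip())
            if m:
                rec[m.group(1)] = m.group(2).strip()
        if "Object-Type" in rec:
            records.append(rec)
    return records


def registry_key_name(rec):
    """The tool's Object-Name for Registry-key records carries trailing garbage from
    the previous path (an unterminated buffer); the last component of Object-Path
    is the reliable key name."""
    return rec.get("Object-Path", "").rstrip("\\").rsplit("\\", 1)[-1]


def expected_hidden(rec):
    """Hidden registry objects under known self-hiding/ACL-protected paths are expected;
    hidden files and processes always get a second look."""
    if rec["Object-Type"].startswith("Registry"):
        path = rec.get("Object-Path", "")
        return any(p.search(path) for p in EXPECTED_HIDDEN_REGISTRY)
    return False


def triage(records):
    """Group SSDT hooks by owning driver and list hidden objects that need review."""
    hooks = defaultdict(list)
    for r in records:
        if r["Object-Type"] == "SSDT-hook":
            hooks[r.get("Object-Path") or "(NULL)"].append(r["Object-Name"])
    unknown = {p: n for p, n in hooks.items()
               if p != "(NULL)" and not p.lower().endswith(KNOWN_SECURITY_DRIVERS)}
    hidden = [r for r in records if r.get("Status") == "Hidden"]
    review = [(r["Object-Type"], r.get("Object-Path", ""), r.get("Pid"))
              for r in hidden if not expected_hidden(r)]
    return {
        "hooks_by_driver": dict(hooks),
        "unattributed_hooks": hooks.get("(NULL)", []),
        "hooks_from_unknown_drivers": unknown,
        "hidden_total": len(hidden),
        "hidden_needing_review": review,
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for drv, names in result["hooks_by_driver"].items():
        print(f"{len(names):2d} hook(s) from {drv}")
    print("unattributed (NULL) hooks:", result["unattributed_hooks"])
    print("hidden objects needing review (submit files to VirusTotal, re-check processes):")
    for otype, path, pid in result["hidden_needing_review"]:
        print(f"  {otype:12s} pid={pid or '-':>5s} {path}")
```

Hooks reported with Object-Path (NULL) are SSDT entries the detector could not map back to a loaded module's image. On a machine running two security products they are most plausibly more of the same vendors' hooking, but an unattributed hook is also exactly what a rootkit that hides its own driver looks like, so the right follow-up is a second, independent tool (a cross-view comparison) rather than trusting a single report.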

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 08 Feb 2008, 19:04

Well, not everything hidden has to be a bug, and that one looks like Symantec's:

C:\Documents and Settings\All Users\Datos de programa\Symantec\SRTSP\SrtETmp\ABEBE01F.TMP

Besides, it's a temporary file...

Clear up your doubts by uploading it to VirusTotal and let us know the result, thanks

https://www.virustotal.com/es/

regards

ms, 8-2-2008

conchirrin
Posts: 155
Joined: 09 Feb 2007, 22:28
Location: Barcelona (Spain)

Post by conchirrin » 11 Feb 2008, 21:54

Sorry for not replying sooner.

msc, I get as far as the SRTSP folder, but when I try to open SrtETmp it says access denied. :?

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 12 Feb 2008, 07:39

Since it's a temporary file, and the folder may be one too (judging by its name), it may not even exist any more.

It could be an intermediate working file that gets created every time you launch something in your Norton AV, and which might well have a different name today!

I wouldn't worry about it any more; you're looking for five feet on the cat, and what if you actually find them...

:wink:

regards conchi.

ms, 12-2-2008

conchirrin
Posts: 155
Joined: 09 Feb 2007, 22:28
Location: Barcelona (Spain)

Post by conchirrin » 12 Feb 2008, 10:20

Well, better to leave the cat just its four feet then :lol:

regards

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 12 Feb 2008, 12:17

And don't fight so much with the computer; if you annoy it too much it'll get angry, and judging by your avatar it looks like the two of you don't get along very well...

You know, if it makes you really angry ...

Taking the topic as solved, we proceed to close it.

If you need us again, you know where we are.

regards conchi

ms, 12-2-2008
