tengo el virus Infostealer.Gampass

[soy]

Tengo este virus que me ha estado molestando mi antivirus lo detecta pero no lo elimina, alguien puede ayudarme?

[flacoroo]

comenzaremos por lo mas basico, bajate estas herramientas y las ejecutas reiniciando tu compu en modo seguro y despues nos pegas el resultado que se graba en C:infosat.txt



[url=http://www.zonavirus.com/descargas/elistara.asp]Elistara[/url]

[url=http://www.zonavirus.com/descargas/elitriip.asp]Elitriip[/url]

[url=http://www.zonavirus.com/descargas/elinotif.asp]Elinotiff[/url]

[msc hotline sat]

Como complemento a lo indicado por flacoroo, esta es la descripcion de este virus:


[quote="Symantec"]Infostealer.GampassRisk Level 1: Very LowPrinter Friendly Page

SUMMARY TECHNICAL DETAILS REMOVAL Discovered: November 12, 2006

Updated: March 16, 2007 7:51:32 AM

Also Known As: LIneage YI [Computer Associates], Bloodhound.KillAV [Symantec]

Type: Trojan

Infection Length: Varies

Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000



Once executed, the Trojan may copy itself with a random name in the %Windir% directory.



It may then drop randomly named DLL files in the %System% directory.



The Trojan also may end the following processes:



RavMon.exe

Ravmond.EXE

IPARMOR.EXE

adam.exe

EGHOST.EXE

MAILMON.EXE

KAVPFW.EXE

FilMsg.exe

Twister.exe



Next, it may add a value to one of the following registry subkeys so that it runs every time Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



The Trojan may modify the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "145"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"



It also may log keystrokes when users log into various online games and send them to a predetermined email address or web site.



The Trojan may drop the following malware on to the compromised computer:



Downloader

Hacktool.Rootkit[/quote]

Si la variante que le detecta su antivirus no es aun controlada por nuestras utilidades, envienos los ficheros que detecta al respecto para analizarlos y proceder en consecuencia.



En tal caso:



[b]¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253



saludos



ms, 25.03.2008