virus

[josermz]

Hola, mi correo de hotmail, manda un correo a todos mis contactos, en blanco, no sabia que era bueno de echo no se todavia pero uso una lap top y cuando mi novia empezo a usar la lap top tambien le sucedio lo mismo noo se si sea un virus aquie en mi maquina, scanee con panda y esto fue el resultado



ANALYSIS: 2008-08-22 15:51:20

PROTECTIONS: 2

MALWARE: 24

SUSPECTS: 4

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Windows Defender 1.1.3109.0 No No

Norton Antivirus Internet Security 2007 14.1.3 No No

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\juaancho@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\juaancho@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@tradedoubler[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@tribalfusion[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@statcounter[1].txt

00167759 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@counter9.sextracker[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\juaancho@ad.yieldmanager[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@burstnet[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@bs.serving-sys[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@adtech[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@advertising[2].txt

00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@sextracker[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\juaancho@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@overture[1].txt

00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@counter2.sextracker[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@adrevolver[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@adultfriendfinder[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Juaancho\AppData\Roaming\Microsoft\Windows\Cookies\Low\juaancho@atwola[2].txt

03441810 Generic Trojan Virus/Trojan No 0 No No C:\Users\Juaancho\instaladores\Cambio_de_IP.rar[Cambio de IP\Cambio de IP.exe]

03456512 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Juaancho\instaladores\dap81-es.exe

;===================================================================================================================================================================================

SUSPECTS

Sent Location �K�X�as5

;===================================================================================================================================================================================

No C:\Program Files\mIRC\mirc.exe �K�X�as5

No C:\Users\Juaancho\Documents\Mis archivos recibidos\patch.exe �K�X�as5

No D:\Nero 8 Lite\keymaker.exe �K�X�as5

No D:\Nero_8_Lite.rar[Nero 8 Lite\keymaker.exe] �K�X�as5

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description �K�X�as5

;===================================================================================================================================================================================

;===================================================================================================================================================================================



Agradezco de antemano....

[msc hotline sat]

Pues envianos estos ficheros para analizar:





C:\Users\Juaancho\Documents\Mis archivos recibidos\patch.exe

D:\Nero 8 Lite\keymaker.exe



y subelos al VirusTotal : www.virustotal.com/es y si se detectan virus en alguno de ellos, posteanos el informe correspondiente, y renombra su extension a .VIR para que tras reiniciar ya no se ponga en marcha, y envianos los ficheros infectados para analizar y controlar.



y a la vista de los informes, obraremos en consecuencia



saludos



ms, 24 de Agosto de 2008

[josermz]

oye viejo no me deja adjuntar, ni con terminacion .exe, ni .vir el de nero lite ya lo abia borradoo y el de patch si lo subi ala pagina que me dijiste i estos fueron los resultadoss



Motor antivirus Versión Última actualización Resultado

AhnLab-V3 2008.8.21.0 2008.08.25 -

AntiVir 7.8.1.23 2008.08.24 -

Authentium 5.1.0.4 2008.08.25 -

Avast 4.8.1195.0 2008.08.24 -

AVG 8.0.0.161 2008.08.24 Generic10.AHWD

BitDefender 7.2 2008.08.25 -

CAT-QuickHeal 9.50 2008.08.22 (Suspicious) - DNAScan

ClamAV 0.93.1 2008.08.25 -

DrWeb 4.44.0.09170 2008.08.24 -

eSafe 7.0.17.0 2008.08.24 Suspicious File

eTrust-Vet 31.6.6044 2008.08.23 -

Ewido 4.0 2008.08.24 -

F-Prot 4.4.4.56 2008.08.25 -

F-Secure 7.60.13501.0 2008.08.25 Suspicious_F.gen

Fortinet 3.14.0.0 2008.08.24 Misc/KeyGen

GData 2.0.7306.1023 2008.08.20 -

Ikarus T3.1.1.34.0 2008.08.24 Trojan.Win32.Obfuscated.ex

K7AntiVirus 7.10.427 2008.08.23 -

Kaspersky 7.0.0.125 2008.08.25 -

McAfee 5368 2008.08.22 -

Microsoft 1.3807 2008.08.25 -

NOD32v2 3383 2008.08.24 -

Norman 5.80.02 2008.08.22 Suspicious_F.gen

Panda 9.0.0.4 2008.08.24 -

PCTools 4.4.2.0 2008.08.24 Packed/FSG

Prevx1 V2 2008.08.25 Malicious Software

Rising 20.58.62.00 2008.08.24 -

Sophos 4.32.0 2008.08.25 Mal/Packer

Sunbelt 3.1.1575.1 2008.08.23 VIPRE.Suspicious

Symantec 10 2008.08.25 -

TheHacker 6.3.0.6.060 2008.08.23 -

TrendMicro 8.700.0.1004 2008.08.23 PAK_Generic.001

VBA32 3.12.8.4 2008.08.23 -

ViRobot 2008.8.22.1346 2008.08.22 -

VirusBuster 4.5.11.0 2008.08.24 Packed/FSG

Webwasher-Gateway 6.6.2 2008.08.24 Win32.Malware.gen#FSG (suspicious)

Información adicional

Tamano archivo: 41184 bytes

MD5...: 6a817c143c34cdede3e9c35ad4f62d7a

SHA1..: 44f816502f4931f0e593a854439b6656cdca64c1

SHA256: 5b1210a91a5823fb96a89e09f62ec1a3bbdbbb7c1f20f354b12aec106ef0fbf8

SHA512: 4f7f8fb82e5576f1bc716163ddc5964d4b526226c72fe738dd892ce39b2251af

0f89cae24df9b05191ad13a67e2b8ab428c2334b8b6268c2dd8354d51fc14f6f

PEiD..: FSG v1.33 (Eng) -> dulek/xt

PEInfo: PE Structure information



( base data )

entrypointaddress.: 0x41fde1

timedatestamp.....: 0x21475346 (Fri Sep 11 01:35:02 1987)

machinetype.......: 0x14c (I386)



( 2 sections )

name viradd virsiz rawdsiz ntrpy md5

t 0x1000 0x15000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

ta 0x16000 0xa000 0x9eda 7.86 915a1387fd3d6f6ea836f3b78aa8a90a



( 1 imports )

> KERNEL32.dll: LoadLibraryA, GetProcAddress



( 0 exports )



ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=6a817c143c34cdede3e9c35ad4f62d7a

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=067C2F4BE043F955A024004A02F46F0083E9974F

packers (Kaspersky): FSG

packers (F-Prot): FSG



listoo, gracias por tu tiempo :D

[msc hotline sat]

Pues el menos envia esta patch.exe para analizarlo y controlarlo en las proximas versiones de nuestras utilidades:



C:\Users\Juaancho\Documents\Mis archivos recibidos\patch.exe



y recuerda:



[b]¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253



saludos



ms, 25 de Agosto de 2008

[josermz]

hey hola, el otro dia subi el archivo que me pediste no se si lo recibistee se me olvido avisarte jeje gracias

[msc hotline sat]

Ahora no estoy en la empresa y no puedo mirarlo, pero en cuanto se reciba, entrará en cola de analisis, dentro de la semana que viene nos pondremos al día, pero de momento ya lo tienes aparcado, asi que ya no debe incordiarte :wink:



saludos



ms, 28 de Agosto de 2008