Infectado con variante aut0run (CERRADO)

Reglas del Foro
Normas Basicas | Los Titulos, dicen mucho | No postear en paralelo | Continua en tu tema | Cierra tu tema, antes de abrir otro | No escribas en temas antiguos
Enlaces a web/mail/blog/Msn NO estan permitidos | Mensajes Privados | Informes de resultados | Antivirus Online
Cerrado
malcomxar
Mensajes: 2
Registrado: 12 Ago 2009, 07:57

Infectado con variante aut0run (CERRADO)

Mensaje por malcomxar » 12 Ago 2009, 08:11

ACLARO: PERDON POR EL DOBLE POST, PERO AL OTRO TEMA NO PUEDO ENTRAR PORQUE EL VIRUS ME CIERRA EL EXPLORADOR, FAVOR DE BORRARLO!!!



Buenas... llegue a este foro googleando, y bueno, requiero su ayuda para poder eliminar este irus molesto...



Que me hizo el virus:

*No me deja borrarlo (como todos)

*Llego via USB

*Cuando busco en google una solucion, ejemplo: "borrar autorun.inf" o "borrar yt8a . exe" , me cierra solo el explorador!!! :evil: :evil:

*Se me copio a las demas particiones



Hice analisis con el elistara y me tiro esto




[code] (12-8-2009 5:33:15 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\ALCMTR.EXE --> Eliminado SpyRealtek
Eliminada Class, "{9AFB8248-617F-460D-9366-D71CDEDA3179}" -> NULL1
Eliminada Clave "HKLM\...\Image File Execution Options\360hotfix.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360rpt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360Safe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360safebox.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360tray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\adam.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AgentSvr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AntiArp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AppSvc32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arvmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AutoGuarder.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AvMonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\CCenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccSvcHst.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FileDsty.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\findt2005.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FTCleanerShell.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\HijackThis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IceSword.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\iparmo.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Iparmor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IsHelp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\isPwdSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kabaload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KaScrScn.SCR"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAV32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVDX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVPFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVStart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\killhidepid.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KISLnchr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMailMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMFilter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32X.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFWSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRegEx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRepair.COM"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KsLoader.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVCenter.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvDetect.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvfwMcl.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvolself.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvReport.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVScan.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVSrvXP.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVStub.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvupload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvwsc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch9x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatchX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\loaddll.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\MagicSet.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mcconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmqczj.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmsk.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\NAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32kui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFWLiveUpdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QHSET.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QQDoctor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Ras.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavCopy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMonD.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStore.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ravt08.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RegClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwcfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RfwMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwolusr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwProxy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwsrv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RsAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rsaupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RSTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\runiep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safebank.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safeboxTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safelive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\shcfg32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\smartassistant.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SmartUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREng.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREngPS.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\symlcsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\syscheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Syscheck2.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SysSafe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ToolsUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojanDetector.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Trojanwall.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojDie.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UIHost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAttachment.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxCfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxFwHlp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxPol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UpLive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\WoptiClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zxsweep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ÐÞ¸´¹¤¾ß.exe"
"Debugger"="NTSD -D"
Linea Eliminada del HOSTS --> 127.0.0.1 serial.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 www.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 images.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 trial.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 forum.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 support.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 users.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 shop.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 vodka.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 195.137.236.101
Linea Eliminada del HOSTS --> 127.0.0.1 alcohol-soft.com
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (C)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (D)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (E)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (I)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

(12-8-2009 5:35:39 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Archivos de programa\Realtek\Audio\InstallShield\ALCMTR.EXE --> Eliminado, SpyRealtek
C:\WINDOWS\system32\CMDOW.EXE --> Eliminado, Tool-HideWindow

Nº Total de Directorios: 11762
Nº Total de Ficheros: 134494
Nº de Ficheros Analizados: 40354
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2

(12-8-2009 5:40:10 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "I:\"
I:\Zips & Apps\CS3 Keygen Collection\AUDITION 2.0.EXE --> Eliminado, KeyGen.SSG

Nº Total de Directorios: 1031
Nº Total de Ficheros: 12893
Nº de Ficheros Analizados: 3965
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

(12-8-2009 5:41:25 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "E:\"

Nº Total de Directorios: 1
Nº Total de Ficheros: 4
Nº de Ficheros Analizados: 3
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

(12-8-2009 5:41:26 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "E:\"

Nº Total de Directorios: 1
Nº Total de Ficheros: 4
Nº de Ficheros Analizados: 3
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

(12-8-2009 5:44:20 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Clave "HKLM\...\Image File Execution Options\360hotfix.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360rpt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360Safe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360safebox.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360tray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\adam.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AgentSvr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AntiArp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AppSvc32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arvmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AutoGuarder.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AvMonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\CCenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccSvcHst.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FileDsty.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\findt2005.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FTCleanerShell.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\HijackThis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IceSword.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\iparmo.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Iparmor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IsHelp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\isPwdSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kabaload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KaScrScn.SCR"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAV32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVDX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVPFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVStart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\killhidepid.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KISLnchr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMailMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMFilter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32X.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFWSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRegEx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRepair.COM"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KsLoader.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVCenter.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvDetect.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvfwMcl.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvolself.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvReport.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVScan.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVSrvXP.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVStub.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvupload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvwsc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch9x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatchX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\loaddll.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\MagicSet.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mcconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmqczj.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmsk.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\NAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32kui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFWLiveUpdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QHSET.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QQDoctor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Ras.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavCopy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMonD.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStore.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ravt08.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RegClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwcfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RfwMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwolusr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwProxy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwsrv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RsAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rsaupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RSTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\runiep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safebank.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safeboxTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safelive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\shcfg32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\smartassistant.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SmartUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREng.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREngPS.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\symlcsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\syscheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Syscheck2.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SysSafe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ToolsUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojanDetector.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Trojanwall.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojDie.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UIHost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAttachment.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxCfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxFwHlp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxPol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UpLive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\WoptiClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zxsweep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ÐÞ¸´¹¤¾ß.exe"
"Debugger"="NTSD -D"
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (C)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (D)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (E)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (I)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.[/code]

Y ya les mande por mail el yt8 a . exe y el aut0run
Arriba
Avatar de Usuario
lucl
Mensajes: 6324
Registrado: 17 Ene 2006, 18:09
Ubicación: España
Contactar:
Contactar lucl

Re: Infectado con variante aut0run

Mensaje por lucl » 12 Ago 2009, 10:10

Pues cerramos el tema, sigue las indicaciones que te he dado en el otro mensaje sobre todo lo de añadir extension .vir al archivo, saludos.
Arriba
Cerrado

Volver a “Foro Spyware”