Unpleasant surprise (solved)
Good morning (I hope).
This morning, as soon as I turned on the computer, surpraaaaaise!!! ZoneAlarm asked me for permission for an application to connect to the Internet... something called Anti Jump.exe.
I went looking for it, and as soon as I right-clicked it to see the properties of this thing, plop, Explorer generated an error, blah blah blah.
To say it made me suspicious is an understatement.
I ran the antivirus and it found nothing, and Ad-Aware (updated) found a few things, but it did not remove the item in question.
I think it is spyware, since for the first time in my life my IE home page was changed (I always keep it blank). It took me a looong time to get rid of the application, since it gave me error after error (yes, I tried it in safe mode). In the end I managed to 1. send it to h**l (pardon me) 2. make a copy on a floppy disk to ask msc, if it is not too much trouble, to take a look at it when he has some free time (if he has any), for no particular reason, just curiosity to know what it is.
Now everything seems to be in order, the home page is the one I want (that is, none), and the application in question does not show up.
And that's all!
Regards!!!
I suppose you know what address to send it to?
The only thing necessary for the triumph of evil is that good men do nothing, Edmund Burke
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
Hello formiga, and greetings, ADMIN
It must be a new critter.
Send it to me, as you already know, at zonavirus@satinfo.es and we will gladly examine it.
I will get back to you today if you send it now.
Regards
ms, 2-06-2004
Last edited by msc hotline sat on 02 Jun 2004, 11:37, edited 1 time in total.

- msc hotline sat
File received. At first glance it is not detected, nor does a superficial analysis appear to show viral routines.
An in-depth investigation is under way.
We will report back on this.
Regards
ms, 2-06-2004

- msc hotline sat
Well, bingo, formiga, it turned out to be guilty.
After examining it thoroughly, despite appearing to be nothing, it has been convicted, and I am copying for you, between the lines below, the script with which to generate the EXTRA.DAT file to control this trojan:
__________________________________________
97 178 128 185 77 179 204 215 122 82 255 214 32 127 226 195
141 49 205 179 241 55 29 163 13 51 179 150 242 33 108 163
29 51 140 179 110 162 141 226 171 123 118 252 133 104 82 55
242 33 108 163 29 51 141 179 230 25 141 152 24 243 106 15
214 27 223 230 242 33 108 163 29 51 140 179 228 164 141 226
192 218 149 201 98 176 69 92 0 177 136 179 242 204 140 179
25 52
8854 256 12503 336 Adware-Lop
__________________________________________
As you will see, it has been named Adware-Lop, since it is not strictly a virus but an adware trojan.
Select the script between the lines, copy and paste it into Notepad, save it as EXTRA.DAT, and copy this file to the McAfee DATs folder, and it will then control it for you.
It will soon be added to the weekly DATs, but in the meantime you can control it this way.
Regards
ms, 3-06-2004

- msc hotline sat
Looking for information on this, now that we know what it is, here is Symantec's description of this trojan:
__________________________________________
Adware.Lop
Last Updated on: April 26, 2004 02:41:58 PM
Type: Adware
Publisher: lop.com
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX
Removal: Medium
Damage: Low
Intelligent Updater Definitions*: September 29, 2003
LiveUpdate™ Definitions**: October 01, 2003
* Intelligent Updater definitions are released daily, but require manual download and installation.
** LiveUpdate definitions are usually released every Wednesday.
This threat can be detected only by Symantec products that support expanded threats.
Behavior
Adware.Lop adds its own toolbar and search button to Internet Explorer.
Symptoms
The files on the system are detected as Adware.Lop.
Transmission
This adware component must be manually installed, or installed as a component of another program that you install.
When Adware.Lop is installed, it does the following:
Installs files to the local system. Older versions of this adware create a file, %ApplicationData%\<random characters>.dll.
--------------------------------------------------------------------------------
Note: %ApplicationData% is a variable. The program locates the Application Data folder and copies itself to the folder. For example, on Windows 2000 this is usually C:\Documents and Settings\<user>\Application Data, where <user> is the current user account.
--------------------------------------------------------------------------------
Recent versions create a new folder in C:\Program Files and installs the files to that location. The folder and file names are composed of random English words.
Some examples include:
team pure
bolt date book
OozeBind
Hold way amok
KEEP AXIS
Adds the .dll as a Browser Helper Object in the registry.
May create .htm and .gif files in %Windows%, as file names composed of random characters or random words.
May create the files, Xpp.idx and Tbt.idx, in the %Temp%\Delete.me folder.
The following instructions pertain to all Symantec antivirus products that support Expanded Threat detection.
This adware is a product of C2 Media, Ltd. At the time of writing, uninstallation instructions could be found at http:\\www.lop.com/help .
Note: Symantec is not affiliated with the aforementioned Web site.
If the uninstall instructions at http:\\www.lop.com/help do not work or are no longer available, follow these steps:
--------------------------------------------------------------------------------
Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
--------------------------------------------------------------------------------
Update the definitions.
Restart the computer in Safe mode.
Run a full system scan and delete all the files detected as Adware.Lop.
Delete the keys that were added to the registry.
For specific details on each of these steps, read the following instructions.
1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
2. To restart the computer in Safe mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode. For instructions, read the document, "How to start the computer in Safe Mode."
3. To scan for and delete the files
Start your Symantec antivirus program and run a full system scan.
If any files are detected as Adware.Lop, click Delete.
4. To delete the keys from the registry
--------------------------------------------------------------------------------
Note: This procedure is optional. It is not likely that the keys, which currently known versions of this adware has added, will do any harm if they are not removed from the registry. Removal can be somewhat complex due to the randomly named files.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
--------------------------------------------------------------------------------
a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit
Then click OK. (The Registry Editor opens.)
c. Click the Edit menu > Find.
d. In the "Find what" box, type the file name of the file that was detected as Adware.Lop.
e. Click Find Next. You may find one of the following values:
"(Default)"="%ApplicationData%\<random filename>.dll"
"(Default)"="%ProgramFiles%\<random directory>\<random filename>.dll"
in one of these registry keys:
HKEY_CLASSES_ROOT\CLSID\<random ID>\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\<random ID>\InprocServer32
f. Write down the "random ID" number. Then, in the right pane, delete the key (to which it is attached), which is one of the following:
HKEY_CLASSES_ROOT\CLSID\<random ID>\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\<random ID>\InprocServer32
g. Click the Edit menu > Find.
h. In the "Find what" box, type the random ID that you found in step f.
i. Click Find Now. You may find the value:
"(Default)"="{random ID}"
in the following registry keys:
HKEY_CLASSES_ROOT\<randomA>.<randomB>\CLSID
HKEY_CLASSES_ROOT\<randomA>.<randomB>.1\CLSID
j. Delete the keys, if found.
k. Browse to and delete the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{random ID}
l. Exit the Registry Editor
__________________________________________
I trust it corresponds to what McAfee detects under the same name
Regards
ms, 3-06-2004
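
The registry walk in the quoted Symantec steps (DLL file name -> CLSID -> ProgID keys -> Browser Helper Objects entry) can be reproduced offline against a `.reg` export of the affected hives. The Python below is an added example, not part of the thread or of any vendor tool; the GUIDs, the `Ooze.Bind` ProgID and the DLL paths are constructed sample values.

```python
import re

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000C0DE}\InprocServer32]
@="C:\\Program Files\\team pure\\OozeBind.dll"

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\WINDOWS\\system32\\legit.dll"

[HKEY_CLASSES_ROOT\Ooze.Bind\CLSID]
@="{00000000-0000-0000-0000-00000000C0DE}"

[HKEY_CLASSES_ROOT\Ooze.Bind.1\CLSID]
@="{00000000-0000-0000-0000-00000000C0DE}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-00000000C0DE}]
'''

BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

def parse_reg(text):
    """Map each exported key path to its default (@) string, or None."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            defaults[key] = None
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg string data escapes backslashes and quotes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def trace_bho(defaults, dll_name):
    """DLL name -> CLSID -> ProgID keys -> BHO key; returns keys to review."""
    findings = []
    for key, value in defaults.items():
        m = re.fullmatch(r".*\\CLSID\\(\{[^}]+\})\\InprocServer32", key, re.I)
        if not (m and value and value.lower().endswith("\\" + dll_name.lower())):
            continue
        clsid = m.group(1)
        # ProgID keys (<randomA>.<randomB>\CLSID) whose default is this CLSID
        progids = [k for k, v in defaults.items()
                   if k.upper().endswith("\\CLSID") and v and v.upper() == clsid.upper()]
        bho = BHO_ROOT + "\\" + clsid
        loaded = any(k.upper() == bho.upper() for k in defaults)
        findings.append({"clsid": clsid, "dll": value, "is_bho": loaded,
                         "keys": [key] + progids + ([bho] if loaded else [])})
    return findings

if __name__ == "__main__":
    for finding in trace_bho(parse_reg(SAMPLE_REG), "OozeBind.dll"):
        print(finding)
```

The output is a review list only; deletion stays a manual step after the registry backup the quoted instructions call for.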

- msc hotline sat
Could it be the killer formiga?
Now we know whom to appoint executioner on the forum: our formiga cuts off the head before anything else!
Cut first, ask questions later...
Well, the point is that we found out what it was, and considering the problem solved, the thread is closed.
