Trojan.Downloader.Small.BCD

anhelo
Posts: 1
Joined: 04 Sep 2006, 21:24


Post by anhelo » 04 Sep 2006, 21:34

I can't find the solution for my PC. I'm trying to disinfect it of spyware and adware and I can't manage it. I'm not sending attachments here because I don't really know which file is the problem. Advertising constantly appears, my Internet connection drops, and an entry named "Enter" configures itself automatically. I found the virus "Trojan.Downloader.Small.BCD" with an online antivirus, but it did not remove it. I'm attaching the HijackThis result. Please help me.



Logfile of HijackThis v1.99.1

Scan saved at 02:03:26 p.m., on 04/09/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINNT\Explorer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\AT&T\AT&T Runner 2\AcceleNetClient.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINNT\system32\internat.exe

C:\Documents and Settings\josue\Desktop\mpk\mpk.exe

C:\Program Files\AT&T\AT&T Runner 2\ClientSideProxy.exe

C:\WINNT\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINNT\system32\CMMON32.EXE

C:\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>

F2 - REG:system.ini: Shell=Explorer.exe

O1 - Hosts: 2.52.5.53 danzas

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [AcceleNet Client Application] C:\Program Files\AT&T\AT&T Runner 2\AcceleNetClient.exe -startup

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\RunServices: [Sun Java Console for Windows NT & XP] jconsole.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MyPopupKiller] C:\Documents and Settings\josue\Desktop\mpk\mpk.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Vea la imagen original - C:\Program Files\AT&T\AT&T Runner 2\getoriginal.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://125.212.47.244/wallpaper/mex/mxlip5.exe

O16 - DPF: {0F222EC8-205D-463F-90C9-D7249B333F09} (VacPro.int_ver1) - http://advnt01.biz/dialer/int_ver1.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender-es.com/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157128069152

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/mex_ver34_35.CAB

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F238F5B-100B-499E-BE91-3DF10C2A3DFD}: Domain = mx.danzas.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F238F5B-100B-499E-BE91-3DF10C2A3DFD}: NameServer = 2.52.5.50

O17 - HKLM\System\CCS\Services\Tcpip\..\{4196403D-9B47-4D66-826E-1BB149F10DB7}: NameServer = 207.248.240.52 207.248.224.71

O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\k8620ijoe8oc0.dll

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O20 - Winlogon Notify: Nls - C:\WINNT\system32\dnpm0171e.dll (file missing)

O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\mir2cenu.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc.exe (file missing)




msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 05 Sep 2006, 07:47

You can delete these keys:

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://125.212.47.244/wallpaper/mex/mxlip5.exe

O16 - DPF: {0F222EC8-205D-463F-90C9-D7249B333F09} (VacPro.int_ver1) - http://advnt01.biz/dialer/int_ver1.CAB

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/mex_ver34_35.CAB

O20 - Winlogon Notify: Nls - C:\WINNT\system32\dnpm0171e.dll (file missing)

O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\mir2cenu.dll (file missing)

O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc.exe (file missing)

But the trojans must be removed with the appropriate tools:

https://foros.zonavirus.com/viewtopic.php?f=13&t=5148

If nothing else detects it, boot into safe mode with networking and run the ONLINE scan that detected it again.

Regards



ms, 5-9-2006
