como elimino el virus fun.xls.exe?

[el jhon]

mi pc se infectó con el virus fun.xls.exe, y ahora cuando trato de explorar la unidad c: me da un error, además no me deja ver los archivos ocultos

[Nuker]

Pasate Elitriip en Modo Normal y nos pegas el log que te arrojara en Unidad C, con el nombre de infoSat.txt este lo copias y lo pegas aqui.



Elitriip:

http://www.zonavirus.com/descargas/elitriip.asp

[msc hotline sat]

Complemento lo indicado por Nuker con mas informacion al respecto:



Ver: http://www.bleepingcomputer.com/startups/msfun80.exe-16911.html



Vista la descripcion de Sophos:


[quote="Sophos"]
W32/VB-CYG

Worm

Summary

Summary Description Recovery Advanced Prevalence: low high

Name W32/VB-CYG

Type Worm



Affected operating systems Windows



Side effects Installs itself in the Registry



Aliases WORM_VB.CAY



Protection Download virus identity (IDE) file



Protection available since 26 January 2007 23:58:41 (GMT)

Protection history Updated -8 March 2007 13:37:33 (GMT)

Updated -13 February 2007 12:59:18 (GMT)

Updated -9 February 2007 14:56:52 (GMT)

Updated -30 January 2007 06:25:29 (GMT)

Published -26 January 2007 23:58:41 (GMT)



Detected by All versions of Sophos Anti-Virus

Latest protection included in our products from May 2007 (4.17)

More information on IDE files What are IDE files?

How to use IDE files

Get the latest IDE files





Description

Summary Description Recovery Advanced This section helps you to understand how it behaves

W32/VB-CYG is a worm for the Windows platform.



W32/VB-CYG spreads via removable storage devices.



Recovery

Summary Description Recovery Advanced This section tells you how to remove the threat.

Please follow the instructions for removing worms.



Advanced

Summary Description Recovery Advanced This section contains the description and advanced technical information

W32/VB-CYG is a worm for the Windows platform.



W32/VB-CYG spreads via removable storage devices.



When first run W32/VB-CYG copies itself to \fun.xls.exe and creates the following files:



\autorun.inf

<Windows>\ufdata2000.log



These files can be deleted.



The worm may also create copies of itself as msime82.exe and msfun80.exe and create the following registry entries to run itself automatically on startup:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

IMJPMIG8.2

msime82.exe



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

MsServer

msfun80.exe



The following registry entry is also set:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ SHOWALL

CheckedValue

0
[/quote]

enviarnos copia de estos ficheros para analizar:



\autorun.inf



<Windows>\ufdata2000.log



msime82.exe



msfun80.exe







recordar: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334





A su recepcion los analizaremos e implementaremos su control y eliminacion en nuestras utilidades (en el ELITRIIP al ser un gusano)





saludos



ms, 23-03-2007



nota: fijarse que se propaga a traves de memorias USB, al usar un AUTORUN.INF e indicar : "W32/VB-CYG spreads via removable storage devices. ", por lo que no olvidar la exploracion de los pendrive que hayan rondado por esta máquina, y los ordenadores en los que se haya insertado dichos pendrive ... !