Infected with an autorun . inf variant

malcomxar
Posts: 2
Joined: 12 Aug 2009, 07:57

Post by malcomxar » 12 Aug 2009, 08:03

Hi... I found this forum by googling, and I need your help to get rid of this annoying virus...

What the virus did to me:

*It won't let me delete it (like all of them)

*It arrived via USB

*When I search Google for a solution, for example "delete autorun.inf" or "delete yt8a . exe", it closes the browser on its own!!! :evil: :evil:

*It copied itself to the other partitions

I ran a scan with elistara and it gave me this:




[code](12-8-2009 5:33:15 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\ALCMTR.EXE --> Eliminado SpyRealtek
Eliminada Class, "{9AFB8248-617F-460D-9366-D71CDEDA3179}" -> NULL1
Eliminada Clave "HKLM\...\Image File Execution Options\360hotfix.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360rpt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360Safe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360safebox.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360tray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\adam.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AgentSvr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AntiArp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AppSvc32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arvmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AutoGuarder.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AvMonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\CCenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccSvcHst.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FileDsty.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\findt2005.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FTCleanerShell.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\HijackThis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IceSword.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\iparmo.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Iparmor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IsHelp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\isPwdSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kabaload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KaScrScn.SCR"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAV32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVDX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVPFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVStart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\killhidepid.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KISLnchr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMailMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMFilter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32X.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFWSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRegEx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRepair.COM"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KsLoader.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVCenter.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvDetect.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvfwMcl.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvolself.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvReport.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVScan.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVSrvXP.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVStub.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvupload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvwsc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch9x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatchX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\loaddll.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\MagicSet.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mcconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmqczj.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmsk.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\NAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32kui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFWLiveUpdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QHSET.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QQDoctor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Ras.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavCopy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMonD.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStore.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ravt08.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RegClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwcfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RfwMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwolusr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwProxy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwsrv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RsAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rsaupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RSTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\runiep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safebank.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safeboxTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safelive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\shcfg32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\smartassistant.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SmartUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREng.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREngPS.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\symlcsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\syscheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Syscheck2.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SysSafe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ToolsUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojanDetector.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Trojanwall.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojDie.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UIHost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAttachment.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxCfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxFwHlp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxPol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UpLive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\WoptiClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zxsweep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ÐÞ¸´¹¤¾ß.exe"
"Debugger"="NTSD -D"
Linea Eliminada del HOSTS --> 127.0.0.1 serial.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 http://www.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 images.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 trial.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 forum.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 support.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 users.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 shop.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 vodka.alcohol-soft.com
Linea Eliminada del HOSTS --> 127.0.0.1 195.137.236.101
Linea Eliminada del HOSTS --> 127.0.0.1 alcohol-soft.com
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (C)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (D)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (E)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (I)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

(12-8-2009 5:35:39 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Archivos de programa\Realtek\Audio\InstallShield\ALCMTR.EXE --> Eliminado, SpyRealtek
C:\WINDOWS\system32\CMDOW.EXE --> Eliminado, Tool-HideWindow

Nº Total de Directorios: 11762
Nº Total de Ficheros: 134494
Nº de Ficheros Analizados: 40354
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2

(12-8-2009 5:40:10 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "I:\"
I:\Zips & Apps\CS3 Keygen Collection\AUDITION 2.0.EXE --> Eliminado, KeyGen.SSG

Nº Total de Directorios: 1031
Nº Total de Ficheros: 12893
Nº de Ficheros Analizados: 3965
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

(12-8-2009 5:41:25 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "E:\"

Nº Total de Directorios: 1
Nº Total de Ficheros: 4
Nº de Ficheros Analizados: 3
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

(12-8-2009 5:41:26 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "E:\"

Nº Total de Directorios: 1
Nº Total de Ficheros: 4
Nº de Ficheros Analizados: 3
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

(12-8-2009 5:44:20 (GMT))
EliStartPage v19.10 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Clave "HKLM\...\Image File Execution Options\360hotfix.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360rpt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360Safe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360safebox.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\360tray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\adam.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AgentSvr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AntiArp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AppSvc32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arvmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AutoGuarder.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\AvMonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\CCenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccSvcHst.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FileDsty.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\findt2005.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\FTCleanerShell.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\HijackThis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IceSword.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\iparmo.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Iparmor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\IsHelp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\isPwdSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kabaload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KaScrScn.SCR"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KASTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAV32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVDX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVPFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KAVStart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\killhidepid.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KISLnchr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMailMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KMFilter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFW32X.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KPFWSvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRegEx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KRepair.COM"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KsLoader.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVCenter.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvDetect.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvfwMcl.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVMonXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvolself.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvReport.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVScan.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVSrvXP.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KVStub.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvupload.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kvwsc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KvXP_1.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatch9x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\KWatchX.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\loaddll.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\MagicSet.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mcconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmqczj.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\mmsk.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\NAVSetup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32kui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFW.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\PFWLiveUpdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QHSET.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\QQDoctor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Ras.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavCopy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavMonD.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStore.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavStub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ravt08.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RavTask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RegClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwcfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RfwMain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwolusr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwProxy.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\rfwsrv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RsAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Rsaupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\RSTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\runiep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safebank.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safeboxTray.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\safelive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\shcfg32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\smartassistant.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SmartUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREng.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SREngPS.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\symlcsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\syscheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Syscheck2.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\SysSafe.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ToolsUp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojanDetector.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\Trojanwall.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\TrojDie.kxp"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UIHost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAgent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxAttachment.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxCfg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxFwHlp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UmxPol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\UpLive.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\WoptiClean.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zxsweep.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ÐÞ¸´¹¤¾ß.exe"
"Debugger"="NTSD -D"
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (C)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (D)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (E)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Detectado AUTORUN.INF en la Unidad (I)
Open=yt8a.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.[/code]


And I have already emailed you the yt8a . exe and the autorun . inf

Thanks in advance!

lucl
Posts: 6324
Joined: 17 Jan 2006, 18:09
Location: Spain

Re: Infected with an autorun . inf variant

Post by lucl » 12 Aug 2009, 10:08

Well, for now add the . vir extension to [b]yt8a . exe[/b] so that it doesn't bother you until our technicians are back from holiday and can analyse it for you. Before adding the .vir extension, take a look at this link in case you cannot see all file extensions:

https://foros.zonavirus.com/viewtopic.php?f=5&t=13245

Also, vaccinate your PC and pendrives with elipen,

http://www.zonavirus.com/descargas/elipen.asp

first the PC, and then insert whatever pendrives you have. And paste us the infosat with the elipen result.

Also, if you can, run sprocess and paste us the sproclog.txt that it will leave in C. Regards.

http://www.zonavirus.com/descargas/sproces.asp

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Infected with an autorun . inf variant

Post by msc hotline sat » 25 Aug 2009, 10:25

Samples received for analysis; the pre-analysis shows the following report:



File c8df7c7f22f363318fbc00dd164fc400e26522df.exe received on 2009.07.29 20:52:21 (UTC)
Current status: finished
Result: 40/41 (97.56%)

[code]Antivirus          Version         Last Update  Result
a-squared          4.5.0.24        2009.07.29   Trojan-Banker.Win32.Banker!IK
AhnLab-V3          5.0.0.2         2009.07.29   Win32/Autorun.worm.36642
AntiVir            7.9.0.234       2009.07.29   TR/Drop.Cattivo.A
Antiy-AVL          2.0.3.7         2009.07.29   Backdoor/Win32.Hupigon
Authentium         5.1.2.4         2009.07.28   W32/Downloader.F.gen!Eldorado
Avast              4.8.1335.0      2009.07.29   Win32:Trojan-gen {Other}
AVG                8.5.0.387       2009.07.29   Worm/Generic.MZO
BitDefender        7.2             2009.07.29   Win32.Worm.Autorun.NQ
CAT-QuickHeal      10.00           2009.07.28   Win32.VirTool.DelfInject.gen!X.2
ClamAV             0.94.1          2009.07.29   Trojan.Hupigon-23160
Comodo             1796            2009.07.29   Worm.Win32.AutoRun.~NA
DrWeb              5.0.0.12182     2009.07.29   Win32.HLLW.Autoruner.3011
eSafe              7.0.17.0        2009.07.29   Win32.Looked.gen
eTrust-Vet         31.6.6645       2009.07.29   Win32/Bosbot!generic
F-Prot             4.4.4.56        2009.07.28   W32/Downloader.F.gen!Eldorado
F-Secure           8.0.14470.0     2009.07.29   Backdoor.Win32.Hupigon.gjeu
Fortinet           3.120.0.0       2009.07.29   PossibleThreat
GData              19              2009.07.29   Win32.Worm.Autorun.NQ
Ikarus             T3.1.1.64.0     2009.07.29   Trojan-Banker.Win32.Banker
Jiangmin           11.0.800        2009.07.29   Backdoor/Huigezi.2008.xlv
K7AntiVirus        7.10.805        2009.07.29   Generic.Packed.Upack
Kaspersky          7.0.0.125       2009.07.29   Backdoor.Win32.Hupigon.gjeu
McAfee             5692            2009.07.29   W32/Autorun.worm.gen
McAfee+Artemis     5692            2009.07.29   W32/Autorun.worm.gen
McAfee-GW-Edition  6.8.5           2009.07.29   Heuristic.BehavesLike.Win32.Packed.A
Microsoft          1.4903          2009.07.29   Worm:Win32/Autorun.CY
NOD32              4289            2009.07.29   a variant of Win32/AutoRun.ADC
Norman                             2009.07.29   W32/Packed_Upack.H
nProtect           2009.1.8.0      2009.07.29   Backdoor/W32.Hupigon.36642
Panda              10.0.0.14       2009.07.29   W32/Autorun.AJM.worm
PCTools            4.4.2.0         2009.07.29   Packed/Upack
Prevx              3.0             2009.07.29   -
Rising             21.40.24.00     2009.07.29   Worm.Win32.Baby2008.v
Sophos             4.44.0          2009.07.29   W32/Autorun-AGN
Sunbelt            3.2.1858.2      2009.07.29   Bulk Trojan
Symantec           1.4.4.12        2009.07.29   W32.SillyDC
TheHacker          6.3.4.3.377     2009.07.29   Trojan/OnLineGame.gen
TrendMicro         8.950.0.1094    2009.07.29   WORM_AUTORUN.VL
VBA32              3.12.10.9       2009.07.29   MalwareScope.Trojan-PSW.Game.7
ViRobot            2009.7.29.1859  2009.07.29   Backdoor.Win32.Hupigon.36642
VirusBuster        4.6.5.0         2009.07.29   Packed/Upack[/code]

Additional information
File size: 36642 bytes
MD5 : b3dbee242b0584eaaafb800651d11591
SHA1 : bdc088127af7d2959f2f7a8b44ddffd6b9b59bad



They go into the monitoring queue, and after that we will implement their detection and removal in our utilities, which we will report on.

As it is a pendrive virus, it is advisable to vaccinate the computer and the pendrives with ELIPEN:

And vaccinate the computer and all its disk drives and pendrives with ELIPEN:

[b]ELIPEN.EXE[/b]

http://www.zonavirus.com/descargas/elipen.asp

After trying it, reboot and post us the contents of C:\infosat.txt so we can see the result of the process

regards

ms, 25-8-2009

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Infected with an autorun . inf variant

Post by msc hotline sat » 28 Aug 2009, 13:33

Starting with today's ELISTARA 19.15, the submitted sample will be detected as AUTORUN.

[quote]
[b] ELISTARA: [/b]

http://www.zonavirus.com/descargas/elistara.asp

After trying it, reboot and post us the contents of C:\infosat.txt so we can see the result of the process
[/quote]

From 15:00 GMT it will be available on this website, for evaluation testing in the zonavirus forum

regards

ms, 28-8-2009
