Gachu
Re: I can't install any antivirus (Solved) - 2007-01-31 01:52 - Reply 52
It has now found the virus for me. It was hiding in F:/Documents%20and%20Settings/Gaston/Datos%20de%20programa/hidires/m_hook.sys
I had to go and delete it manually several times. And it also showed up in other places.
I don't know whether I did the right thing or not, but m_hook.sys did not show up when I opened the folder that contained it. So I typed in the address bar: F:/Documents%20and%20Settings/Gaston/Datos%20de%20programa/hidires/m_hook.sys
There it asked me how I wanted to open the file. I told it to use Word and to always open it that way. After this, the file became visible. I opened it, deleted all the characters written in it in Word, and saved it. Then I deleted the file and, just in case, the whole hidires folder as well, which had an icon with the German flag, which I had to delete twice and which changed its name.
Now then, while we're at it, I have now run Rootkit Unhooker and it shows me the following:
>SSDT State
>Processes
>Drivers
>Files
>Hooks
[584]msnmsgr.exe>advapi32.dll>CryptDecrypt, Type: Inline - RelativeJump at address 0x77DBA7B1 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>advapi32.dll>CryptDecrypt, Type: Inline - SEH at address 0x77DBA7B6 hook handler located in [unknown_code_page]
[584]msnmsgr.exe>advapi32.dll>CryptDecrypt, Type: Inline - SEH at address 0x77DBA7B7 hook handler located in [unknown_code_page]
[584]msnmsgr.exe>advapi32.dll>CryptDeriveKey, Type: Inline - RelativeJump at address 0x77DBA685 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>advapi32.dll>CryptDeriveKey, Type: Inline - SEH at address 0x77DBA68A hook handler located in [unknown_code_page]
[584]msnmsgr.exe>advapi32.dll>CryptDeriveKey, Type: Inline - SEH at address 0x77DBA68B hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>CreateEventA, Type: Inline - RelativeJump at address 0x7C8308AD hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>kernel32.dll>FindResourceExW, Type: Inline - RelativeJump at address 0x7C80AC88 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>kernel32.dll>FindResourceExW, Type: Inline - SEH at address 0x7C80AC8D hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>FindResourceExW, Type: Inline - SEH at address 0x7C80AC8E hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>FindResourceW, Type: Inline - RelativeJump at address 0x7C80BBCE hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>kernel32.dll>FindResourceW, Type: Inline - SEH at address 0x7C80BBD3 hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>FindResourceW, Type: Inline - SEH at address 0x7C80BBD4 hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>LoadResource, Type: Inline - RelativeJump at address 0x7C809FB5 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>kernel32.dll>LoadResource, Type: Inline - SEH at address 0x7C809FBA hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>LoadResource, Type: Inline - SEH at address 0x7C809FBB hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>LockResource, Type: Inline - RelativeJump at address 0x7C80CC97 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>kernel32.dll>SetUnhandledExceptionFilter, Type: Inline - RelativeJump at address 0x7C84479D hook handler located in [msnmsgr.exe]
[584]msnmsgr.exe>kernel32.dll>SizeofResource, Type: Inline - RelativeJump at address 0x7C80BC69 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>kernel32.dll>SizeofResource, Type: Inline - SEH at address 0x7C80BC6E hook handler located in [unknown_code_page]
[584]msnmsgr.exe>kernel32.dll>SizeofResource, Type: Inline - SEH at address 0x7C80BC6F hook handler located in [unknown_code_page]
[584]msnmsgr.exe>shell32.dll>Shell_NotifyIconW, Type: Inline - RelativeJump at address 0x7CA31B5A hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>CreateDialogParamW, Type: Inline - RelativeJump at address 0x77D284EE hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>CreateWindowExW, Type: Inline - RelativeJump at address 0x77D1FF50 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>FlashWindow, Type: Inline - RelativeJump at address 0x77D55C5C hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>MessageBoxIndirectW, Type: Inline - RelativeJump at address 0x77D66093 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>PeekMessageW, Type: Inline - RelativeJump at address 0x77D1929B hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>SetWindowPlacement, Type: Inline - RelativeJump at address 0x77D2DF46 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>SetWindowRgn, Type: Inline - RelativeJump at address 0x77D202DD hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>user32.dll>SetWindowRgn, Type: Inline - SEH at address 0x77D202E2 hook handler located in [unknown_code_page]
[584]msnmsgr.exe>user32.dll>SetWindowRgn, Type: Inline - SEH at address 0x77D202E3 hook handler located in [unknown_code_page]
[584]msnmsgr.exe>user32.dll>TrackPopupMenuEx, Type: Inline - RelativeJump at address 0x77D6CB1A hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>wininet.dll>HttpOpenRequestA, Type: Inline - RelativeJump at address 0x771936AD hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>wininet.dll>HttpSendRequestA, Type: Inline - RelativeJump at address 0x77196249 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>wininet.dll>InternetCloseHandle, Type: Inline - RelativeJump at address 0x77194D6C hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>wininet.dll>InternetReadFile, Type: Inline - RelativeJump at address 0x771980F4 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>ws2_32.dll>closesocket, Type: Inline - RelativeJump at address 0x71A39639 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>ws2_32.dll>recv, Type: Inline - RelativeJump at address 0x71A3615A hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>ws2_32.dll>send, Type: Inline - RelativeJump at address 0x71A3428A hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>ws2_32.dll>WSARecv, Type: Inline - RelativeJump at address 0x71A34318 hook handler located in [MsgPlusLive.dll]
[584]msnmsgr.exe>ws2_32.dll>WSASend, Type: Inline - RelativeJump at address 0x71A36233 hook handler located in [MsgPlusLive.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
At least they are all from M-S-N Plus... I wanted to know whether they are dangerous and whether I should remove M-S-N Plus (sorry, but I had to write it that way so everyone can understand).
You really were a great help and I wanted to thank you for it.
Even so, I don't think this will be our last contact, although I hope it is on this subject, because I still have to restart the machine: when I tried to install AVG, it told me that a file (belonging to the virus, which was also in there) is pending deletion after Windows restarts.
So, we'll see what happens. If not, I'll get in touch again.