airuncilla
2008-07-01 19:45 - Replies: 1 - Topic no.: 2528155
Specifications: Windows XP Home, Intel(R) Pentium(R) processor; 1.70GHz; 1.00GB of RAM.
Hi!! So, a few days ago, when I unzipped a song, the computer started to misbehave.
The first thing that happened was that the message "Virus Alert!" appeared next to the clock on the toolbar, and when I opened Internet Explorer the page that came up was one warning me that my computer was in danger and telling me to click the option to download an antivirus called KvmSecurity, which I did not do, and I closed the window.
After that, when I turned the computer on again, I found that 3 shortcuts had been created on the desktop that I cannot delete because they always come back, called "Privacy Protector", "Spyware & Malware Protection" and "Error Cleaner". On top of that, when I open the Start menu I find that I cannot see the programs, and the options "My Documents", "My Computer", "Control Panel" and "Run" do not appear, since where they should be there is nothing; it is blank.
If I go into My Computer, the C: drive does not appear.
I cannot open Task Manager, since it tells me that it has been disabled by an administrator, and the same thing comes up when I click on the desktop properties.
I constantly get "System alert!" warnings on the toolbar telling me that my computer is in danger because it is under attack, and right away warnings appear in windows that tell me the same thing, but this time they let me choose between clicking "Yes" to download an antivirus or clicking "No" and carrying on as before.
After asking around, I was told to follow these steps:
***********
I did all of that, and the Malwarebytes' Anti-Malware report says this:
Scan type: Full Scan (C:\|)
Objects scanned: 152966
Time elapsed: 29 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 23
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 51
The only thing I could not do was run the Panda scan in a normal session, since it does not work.
Now that I have done all of that, when I log in everything apparently remains the same, except that Kaspersky now gives me warnings that did not appear before, alerting me to trojan viruses, and I get a list of 28 infected objects, all of them showing "Adware.Win32.Virtumonde.yet" followed by different file names.
I hope I have described the problem in enough detail and that you can tell me what I have to do to disinfect the computer, because I no longer know what to do!!
Thanks in advance!!
Additional comments: The problem appeared right after installing a program.
[Message edited by tordanxa on 01-07-2008 19:49:40].