Antivirus Pro 2010

YouTube · Mensaje por **LeThe** » Mar Nov 03, 2009 2:43 pm

Eliminado completamente con Malwarebytes Antimalware

Imagen

Malwarebytes' Anti-Malware 1.41
Database version: 3092
Windows 5.1.2600 Service Pack 2

11/3/2009 8:15:37 AM
mbam-log-2009-11-03 (08-15-37).txt

Scan type: Quick Scan
Objects scanned: 103769
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 8
Memory Modules Infected: 4
Registry Keys Infected: 3
Registry Values Infected: 15
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 38

Memory Processes Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert)
C:\WINDOWS\9129837.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv491254042811.exe (Trojan.Proxy)
C:\Documents and Settings\Sales & Marketing\Application Data\seres.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\svcst.exe (Rogue.AntiVirusPro)
C:\WINDOWS\SYSTEM32\qtplugin.exe (Rootkit.Agent)
C:\Documents and Settings\Sales & Marketing\restorer32_a.exe (Trojan.FakeAlert)
C:\WINDOWS\SYSTEM32\restorer32_a.exe (Trojan.FakeAlert)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antiviruspro_2010 (Rogue.AntiVirusPro2010)
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Trojan.FakeAlert)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Proxy)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Rogue.AntiVirusPro)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Rogue.AntiVirusPro)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent)
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter)
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\(default) (Rogue.RegistrySmart)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe tftp.nfo beforegllav) Good: (Explorer.exe)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)

Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\data (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010)

Files Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert)
C:\WINDOWS\9129837.exe (Trojan.Agent)
C:\WINDOWS\SYSTEM32\tftp.nfo (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Temp\wpv491254042811.exe (Trojan.Proxy)
C:\Documents and Settings\Sales & Marketing\Application Data\lizkavd.exe (Trojan.FakeAlert)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader)
C:\WINDOWS\SYSTEM32\_scui.cpl (Trojan.FakeAlert)
C:\WINDOWS\Temp\wpv391254259302.exe (Trojan.Sasfis)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\19B.tmp (Trojan.Downloader)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\~TM198.tmp (Trojan.Downloader)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temporary Internet Files\Content.IE5\T6UR1VT6\load[1].exe (Trojan.Downloader)
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Uninstall.exe (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\wscui.cpl (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\data\daily.cvd (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntiVirusPro2010)
C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Application Data\seres.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\svcst.exe (Rogue.AntiVirusPro)
C:\Documents and Settings\Sales & Marketing\Application Data\wiaserva.log (Malware.Trace)
C:\WINDOWS\SYSTEM32\qtplugin.exe (Rootkit.Agent)
C:\Documents and Settings\Sales & Marketing\Local Settings\Temp\BN5.tmp (Trojan.Agent)
C:\WINDOWS\Temp\wpv321252894422.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv631253926400.exe (Trojan.Agent)
C:\WINDOWS\Temp\wpv711252921009.exe (Trojan.Agent)
C:\Documents and Settings\Sales & Marketing\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace)
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart)
C:\Documents and Settings\Sales & Marketing\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010)
C:\Documents and Settings\Sales & Marketing\restorer32_a.exe (Trojan.FakeAlert)
C:\WINDOWS\SYSTEM32\restorer32_a.exe (Trojan.FakeAlert)

simonviejo · Mensaje por **simonviejo** » Mar Nov 03, 2009 4:58 pm

Me llama la atencion; primero fue Antivirus 2008, luego el 2009 y ahora este.

Mensaje por **Menfis** » Mar Nov 03, 2009 7:52 pm

ja ja, como van actualizando también con sus versiones, en hora buena que el Malwarebytes Antimalware cumple su cometido.

sitges65 · Mensaje por **sitges65** » Lun Abr 19, 2010 6:10 am

sigo aprendiendo

gracias a todos....Algún día seguro q podré yo ayudar a los demás

Foro de LeThe Online y Joshua Marius