Removed with Malwarebytes Antimalware and also AVG
AVG log
"";"C:\WINDOWS\system32\voveguji.dll";"Trojan horse Vundo.GO";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\obunogok.ini";"Trojan horse Vundo.LL";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\kuzokutu.exe";"Virus identified Worm/Generic_r.GI";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\ijugevov.ini";"Trojan horse Vundo.LL";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\ezejiweb.ini";"Trojan horse Vundo.LL";"Moved to Virus Vault"
"";"C:\WINDOWS\system32\ahulejay.ini";"Trojan horse Vundo.LL";"Moved to Virus Vault"
"";"C:\Documents and Settings\Guest\Local Settings\Temp\e.exe";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\yafakeje\yafakeje.dll";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\yafakeje\ejekafay.ini";"Trojan horse Vundo.LL";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\wowinule\wowinule.dll";"Trojan horse Vundo.GM";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\ramegige\ramegige.dll";"Trojan horse Vundo.GM";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\poruzowo\poruzowo.exe";"Trojan horse Vundo.GM";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\luveseja\luveseja.dll";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\luveseja\ajesevul.ini";"Trojan horse Vundo.LL";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\lidewiti\lidewiti.dll";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\kezuroha\kezuroha.exe";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\jadelamo\jadelamo.dll";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\hulujige\egijuluh.ini";"Trojan horse Vundo.LL";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\hoheyuli\hoheyuli.dll";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\habodotu\habodotu.dll";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\foweriyo\foweriyo.exe";"Trojan horse SHeur2.ACQH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\fonopeja\fonopeja.exe";"Trojan horse Vundo.GH";"Moved to Virus Vault"
"";"C:\Documents and Settings\All Users\Application Data\bohumoye\bohumoye.dll";"Trojan horse Vundo.GH";"Moved to Virus Vault"
Malwarebytes log
Memory Modules Infected:
c:\WINDOWS\system32\penipure.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Guest\Application Data\Adobe\biosvid.dll (Trojan.Vundo) -> Delete on reboot.
c:\program files\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f00ebce5-8544-4d6b-82da-63b069607102} (Trojan.Vundo.H)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmena (Trojan.Agent)
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports)
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports)
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports)
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\biosvid (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.Vundo)
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports)
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo)
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kurutenik (Trojan.Vundo.H)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{f00ebce5-8544-4d6b-82da-63b069607102} (Trojan.Vundo.H)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\lewatovap (Trojan.Vundo.H)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\penipure.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\penipure.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\11202654 (Rogue.Multiple)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports)
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport (Adware.ShopperReports)
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs (Adware.ShopperReports)
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports)
C:\Program Files\podmena (Trojan.Downloader) -> Delete on reboot.
C:\Program Files\ShoppingReport (Adware.ShopperReports)
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports)
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.ShopperReports)
C:\Program Files\ShoppingReport\cs (Adware.ShopperReports)
Files Infected:
C:\WINDOWS\system32\bejaline.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\bewijeze.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\ganoseho.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\hujinuya.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\kogonubo.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\nefuwipi.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\nerefone.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\penipure.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pihuwali.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\pojezija.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\reveneko.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\tuviloko.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\wulezije.dll (Trojan.Vundo.H)
C:\WINDOWS\system32\yajeluha.dll (Trojan.Vundo.H)
C:\Documents and Settings\Guest\Application Data\Adobe\biosvid.dll (Trojan.BHO.H) -> Delete on reboot.
c:\program files\podmena\podmena.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (Adware.ShopperReports)
C:\WINDOWS\system32\rodusano.exe (Rogue.SystemSecurity)
C:\WINDOWS\system32\zilagelo.dll (Trojan.Vundo)
C:\Documents and Settings\Guest\Local Settings\Temp\AntivirusSetup.exe (Trojan.FakeAlert)
C:\Documents and Settings\Guest\Local Settings\Temp\SysNotifier.exe (Trojan.FakeAlert)
C:\Documents and Settings\Guest\Local Settings\Temp\XPShieldSetup.exe (Rogue.Installer)
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\I6Q0NEFC\srm_free_setup[1].exe (Rogue.Installer)
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UH6TV3IM\srm_free_setup[1].exe (Rogue.Installer)
C:\WINDOWS\SysNotifier.exe (Trojan.FakeAlert)
C:\WINDOWS\freddy46.exe (Worm.KoobFace)
C:\Documents and Settings\All Users\Application Data\11202654\pc11202654ins (Rogue.Multiple)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports)
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports)
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports)
C:\Program Files\podmena\podmena.sys (Trojan.Downloader)
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports)
C:\WINDOWS\zaponce53198.dat (Worm.Koobface)
C:\WINDOWS\zaponce53222.dat (Worm.Koobface)
C:\WINDOWS\zaponce53290.dat (Worm.Koobface)
C:\WINDOWS\bf23567.dat (Worm.KoobFace)
C:\WINDOWS\ld09.exe (Worm.KoobFace)
C:\WINDOWS\msmark2.dat (Worm.KoobFace)
C:\WINDOWS\mstre19.exe (Worm.KoobFace)
More viruses, trojans and others
- LeThe
- Site Admin
- Posts: 7048
- Joined: Fri Jun 15, 2007 5:11 pm
- Location: Florida, United States
Ing. Joshua Marius
Windows 11 Pro x64 25H2
AMD Ryzen 9 7950X3D
ASRock B650M Pro RS WiFi
Crucial P3 4TB PCIe CT4000P3SSD8
Crucial DDR5 Pro 32 GB DDR5-5600
NVIDIA GeForce RTX 4060
www.digitaljoshua.com
www.youtube.com/joshuamarius
Re: More viruses, trojans and others
The combination of AVG and Malwarebytes works very well, thanks for the information.
One need not always begin with the first notion of the things being studied,
but with whatever can make learning easier.