Removed with Malwarebytes Antimalware and also AVG
AVG log
Malwarebytes log
More viruses, trojans and others
- LeThe
- Site Admin
- Posts: 7046
- Joined: Fri Jun 15, 2007 5:11 pm
- Location: Florida, United States
Ing. Joshua Marius
Windows 10 Pro x64 20H2
Intel Core i7-3770K, 4.5 GHz
ASUS P8Z68-V LX
Disk 1: Samsung SSD 850 EVO 500 GB
RAID 1: Seagate ST3000DM001 3TB
CORSAIR Vengeance 16 GB DDR3 1600
NVIDIA GeForce GTX 1060
Re: More viruses, trojans and others
The combination of AVG and Malwarebytes works out very well, thanks for the information.

One need not always begin with the first notion of the things being studied,
but with whatever can make learning easier.